IP 127.0.0.1 is blocking me out automaticly

Show us a screenshot of what is displayed when you click on the View Details link of an Invalid Login Log record. Don’t forget to blur any site specific info in case you don’t want to share such info.

• This reply was modified 6 years, 1 month ago by nlpro.

ok, see here: https://snag.gy/tJfTx0.jpg

Thanks!

Also please find out whether your site is behind a proxy. You may need to contact your hosting company to verify this.

If not running the latest iTSec plugin release (at the time of writing this post 7.2.0) please update the plugin.

I have multiple sites on the same server, with not this problem

Yes, I′m running 7.2.0

Ok, the second screenshot tells us the site is suffering from a brute force attack using xmlrpc (xmlrpc.php).

If the site is not using any xmlrpc functionality you can completely disable xmlrpc in the WordPress Tweaks module.
That will effectively stop the brute force attack.

But how is this brute force attack using my local IP ?

Probably the plugin is not properly configured (if the site is NOT behind a proxy) allowing brute force attackers to spoof the IP.

If the sites are NOT behind a proxy navigate to the Global Settings module and scroll down to the Proxy Detection setting. The default value is Automatic. Change it to Disabled. Save settings.

So were you able to stop the brute force attack ?

Even when the site is using xmlrpc, changing the Proxy Detection setting alone will already have a positive effect. The brute force attack will no longer be able to spoof the IP (to 127.0.0.1 which is auto whitelisted). The real IP will be logged so it will be locked out 3 times temporarily and finally banned permanently ??

Yes I contacted my hosting and my site was behind proxy. Now everything works fine.

Thank you!

Ah ok. So you’ve set the Proxy Detection setting to Manual ? (And selected the right proxy header).