iThemes Security keeps loggin g me out

  • Hi.
    I am using iThemes security Version 4.6.13 on my website and i keep getting locked out of my site.
    Almost every time i go into the admin i get locked out and i need to go into phpmyadmin to remove all the entries in the “qmp_itsec_lockouts” table before i can get in again.

    My IP address is never listed there and i cannot see what is causing this.

    I installed sync becaue apparently you can use that to give yourself access again, but when i am locked out, it cannot seem to access it and has a red line next to it.
    When i am able to access the site again and check sync, it opens and i can see it says “You do not have any lockouts at this time. “

    Please can someone help me before i go completely mad.

    Thank you.

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 7 replies - 1 through 7 (of 7 total)

  • If the lockout situation shows the message:

    You have been locked out due to too many invalid login attempts.

    it is probably a user lockout situation.

    Due to a bug, once a user lockout has occurred, every subsequent bad login with that account leads to an immediate user lockout …
    By default a user lockout will expire after 15 minutes.
    The Brute Force Protection setting Minutes to Remember Bad Login (check period) is not taken into account.

    As soon as you can get in again first whitelist your IP address.
    If you are using an “admin” account to login rename it to something less obvious. This can be done from the iTSec plugin Advanced page.
    Please EXACTLY follow the instructions of the Change Admin User feature on the iTSec plugin Advanced page.

    dwinden

    Thread Starter Quintinm

    (@quintinm)

    Hi, this is the error message i get:
    “You have been locked out due to too many invalid login attempts.”

    The password and username is correct – i was in a few hours ago.
    So there was no bad login.

    I am not using “admin”.

    Any other ideas?

    Just like the message says there were definately bad login attempts … Obviously someone else or a bot is trying to login with that same user account and causing the bad login(s) …

    dwinden

    The same problem with my site, I follow the instruction but can’t fix.I received a hundred of Site Lockout Notification emails a day.Obviously a bot is trying to login with that same user account. Anyone can help me?
    Thanks

    @hungtrinh
    Permanently whitelisting your ip address in the Global Settings section of the Settings page will allow you to login even when there is an active user lockout.

    dwinden

    Hi, I’m getting the same problem – we’re locked out of our own site. First of all we couldn’t even see our own pages as our IP address had been blocked. Now the login page has ERROR: Too many failed login attempts. Please try again in 151 hours.
    How can I get in before 151hours?
    thanks

    @artsafari

    ERROR: Too many failed login attempts. Please try again in 151 hours

    is not a default iTSec plugin lockout message …
    Also an iTSec plugin lockout by default expires after 15 minutes …

    However I must add both are configurable …

    Temporarily rename the iTSec plugin better-wp-security folder on the server and see whether the lockout remains or not …
    If the lockout message is still displayed after the rename it must be from another plugin …

    dwinden

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘iThemes Security keeps loggin g me out’ is closed to new replies.