• Earlier today I received a “Daily Security Digest”, apparently triggered by iThemes. I don’t recall receiving such reports in the past, and I didn’t actively trigger the feature, so it seems it activated itself, perhaps after an iThemes update?

    In any case, somewhat alarmingly, the iThemes log (which appears to have started on 7 July, again, without me actively triggering it) reports many invalid logins from myself! Perhaps someone can shed some light on the situation and let me know whether this is ‘normal’, or whether I have reason to be concerned?

    Thank you.

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hi,

    Unfortunately there was an issue several updates ago with the upgrade routine that affected a portion of users settings. My apologies for this.

    Another possibility is you enabled our new Security Check feature which enables all recommended features that know will now conflict with any environments.

    As for the report you received, it sounds like you’re under a brute force attack, and they’re using your username. I’d suggest creating a new user, transfer all content to it and delete the old one. If you can’t access your site to do this, then deactivate the plugin via FTP by renaming it’s directory to something like ithemes-security-pro.bak. Once you’re in and made the adjustments you can rename it back to reactivate it.

    Thanks,

    Gerroald

    Thread Starter HerbEppel

    (@herbeppel)

    Hi Gerroald,

    Tanks for your – dare I use the term again – somewhat alarming reply. Could it have been some kind of false alarm? I’m asking because:

    a) I had and have no trouble accessing my site;
    b) I’m pretty sure my ISP would have blocked me and/or told me if there had been an actual brute force attack;
    c) According to today’s digest, “there have been no lockouts since the last email check”.

    [ Signature moderated ]

    Hi,

    What’s alarming is when you notice how much your site is actually under attack. But it’s really not that unique. The idea is to do what we can to make sure they’re not successful.

    If you were getting invalid logins with your username, and you are certain it wasn’t you then it was a brute force attack. If you’ve enabled the Brute Force feature and they meet your lockout criteria the plugin will lock them out. This could result in you being locked out too, but if that’s not the case it’s just fine.

    Based on what you’ve mentioned I don’t think you have anything to be concerned about.

    Thanks,

    Gerroald

    Thread Starter HerbEppel

    (@herbeppel)

    Thanks for your helpful and reassuring reply. I’ll keep monitoring the situation.

    In the light of the impressive support response, I might even upgrade to the Pro version in due course ??

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Lockout mystery’ is closed to new replies.