login error message is appearing on my home page and locking everyone out

  • Resolved budshelmetmirrors

    (@budshelmetmirrors)


    9 years, 4 months ago

    The latest auto update, 4.2.3 apparently caused the site to have an “access limited /unlock” page:
    (HTTP 503, Blocked by login security setting)
    displayed instead of home page for all who try to view the site online, thus locking everyone out. I receive no notification of any attempt to log in via email as would have been usual. This occurs now daily. I have changed googlebot and related settings to allow them much access; and looked at every setting screen but can find no command for this display.
    Security was working fine prior to update other than having to reset my password frequently. I have not tried disabling the plugin or the login security.
    I am a small time manufacturer selling bicycle mirrors and am losing sales. A customer first brought this to my attention.
    Thanks for any ideas, Budshelmetmirrors.com

    https://www.ads-software.com/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author WFMattR

    (@wfmattr)

    When users are blocked without having tried to use the login form, the “How does Wordfence get IPs” option will usually help (on the Wordfence Options page). There are details on the options here:
    https://docs.wordfence.com/en/Wordfence_options#How_does_Wordfence_get_IPs

    In Wordfence, if you turn on the “Live Traffic” option, you should also be able to see which option shows different IP addresses for each visitor.

    If you are not sure which option to pick, your host should be able to tell you if there is a proxy, as mentioned in the link above. This might have just been a coincidence that the WordPress 4.2.3 update happened just before the blocking started.

    Thread Starter budshelmetmirrors

    (@budshelmetmirrors)

    Thanks for your reply.
    I have checked and the How does Wordfence get ips.
    It is set to Let wordfence use the most secure method.
    I still am unclear why this error locks everyone out on the front home page preventing all views of the site. I am used to only the offending party being locked out. Is this unusual?
    I have checked the traffic log and usually no one has tried to log on when the error screen appears. This morning the message was about fake google bots.
    Need advice.
    Should I buy the premium key, or reload the plugin, or deactivate wordfence and take my chances?
    Thanks

    Plugin Author WFMattR

    (@wfmattr)

    Ok, for the “How does Wordfence get IPs” option, try using the option that says “X-Real-IP” instead, then check your live traffic and see if visits are logged from multiple different IP addresses after a while.

    The reason it isn’t working normally is that your host has a different setup from many, which is normally fine, but it may not be compatible with all WordPress plugins. In this case, it sounds like Wordfence can’t see each visitor’s address, but instead it sees every visit coming from one address at the hosting company instead — the setting above should fix this part.

    You might also need to ask the hosting company to “turn off caching in nginx” for your site. That part might be saving the error messages from Wordfence, even after the blocked user would have been unblocked.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘login error message is appearing on my home page and locking everyone out’ is closed to new replies.