Maddening Block of Legit User

  • Resolved mountainguy2

    (@mountainguy2)


    6 years, 3 months ago

    This has been going on a couple of years, was hoping the WordFence upgrades would sneak in a fix. Am I the only guy out of million WF users who has this problem? I doubt it, but if so, then I’ll raise a glass in celebration of my overarching uniqueness.

    In any case, one of our users tries to log in with a legit username (obfuscated) 1d***69

    The user gets blocked by Wordfence, I double checked that user is inputting the exact username, the result is Wordfence email as follows. Does anyone have _any_ ideas of what I could look at to troubleshoot this? It’s driving us crazy.

    I examined the database tables. The username in the Wordfence wp_wfLogins table is exactly the same, as is the username in the wp_users table.

    This email was sent from your website “- The **********” by the Wordfence plugin at Thursday 29th of November 2018 at 11:01:45 PM
    The Wordfence administrative URL for this site is: https://*****/wp-admin/admin.php?page=Wordfence
    A user with IP addr 73.***.***.*** has been locked out from signing in or using the password recovery form for the following reason: Used an invalid username ‘1d***69’ to try to sign in.
    The duration of the lockout is 6 hours.

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi @mountainguy2,

    Can you run the following query on your database?

    SELECT username FROM wp_wflogins JOIN wp_users ON username = user_login WHERE action = 'loginFailInvalidUsername';

    This query compares all failed logins (due to invalid usernames) with existing users (from wp_users).

    What does this query return?

    Dave

    Thread Starter mountainguy2

    (@mountainguy2)

    That sounds like a good query to run, thanks. I suppose I should be sure there is a failed login in the user_login table… I’ll do it ASAP.

    Thread Starter mountainguy2

    (@mountainguy2)

    Dave, that must be the magic query (smile). The user tried to log in and get blocked so I could troubleshoot, but this time he did not trigger a block! We changed nothing. All I did was look at your magic query. Exceptional! In any case, I’m sure he’ll get blocked again eventually, and when that happens I’ll resurrect this thread and run your query. MTN

    Glad it worked out! I don’t think the query should have changed anything, but please let me know if your users are getting blocked again for no reason.

    Dave

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Maddening Block of Legit User’ is closed to new replies.