Site lockout and banning IPs

  • I love this plugin so far – looks to be the one plugin solution (well, I added a file monitoring plugin but I think you’ll be implementing that functionality in the future too.)

    A couple of questions:

    1.

    I am getting Site Lockout Notification emails, about lockdown for IPs with too many login attempts. However, when I go into the plugin settings, I see no place where I can review these IPs to ensure they’re banned for good. The User Login –> Login Lockdown page shows empty table for the Locked IP Range even though I received 34 emails about lockdowns.

    Is it because the time of lockout I have set to 60 mins. so automatically these IPs get out of lockdown? If so, it would be useful to have a rule that will enable automatic banning (permanent lockout.)

    2.

    User Login –> Failed Login Records shows many attempts to log in my system using “admin” username which I do not have. I want to block these IPs but the only operation that I can perform on these IP records is to delete…

    Maybe I am missing something… can someone clarify?

    Thanks!

    https://www.ads-software.com/extend/plugins/all-in-one-wp-security-and-firewall/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Strategerizer

    (@rneagu)

    It does look like the blocked IPs show up in the list if I look them up shortly after I am notified. I had the lockdown to be 60 mins. I now increased it to 24 hours. But I can clearly identify hackers that try to login using “admin” username and continuously trying every few minutes. I want to permanently ban/block these IPs.

    Any way to do this?

    Also may be a good idea to lock out anyone that tries to login using the username “admin” as none of my accounts use that…

    Plugin Contributor Peter Petreski

    (@peter-petreski)

    Hi @Strategerizer,
    Yes that’s right – the locked out IP addresses were unlocked after 60 minutes which is why you weren’t seeing them listed in the table.

    I can clearly identify hackers that try to login using “admin” username and continuously trying every few minutes. I want to permanently ban/block these IPs.
    Any way to do this?

    We will add the ability to block an address by clicking on a link in the table in a future release. At the moment you can block the appropriate address range by entering it in the blacklist settings – eg, 78.138.107.*

    Also may be a good idea to lock out anyone that tries to login using the username “admin” as none of my accounts use that

    Thanks for the suggestion and it sounds like a neat idea. We might consider adding something along those lines in future release.

    Thread Starter Strategerizer

    (@rneagu)

    @peter – thanks for the quick feedback.

    Good reminder about the ability to enter those IPs on the Ban Users screen; I’ll do that. Looking forward to being able to have this done automatically from the various tables in the User Logins screens.

    Regarding the feature request, being able to block IPs based on admin defined usernames may be helpful. So I could enter a list to include admin, moderator, etc. (maybe have it pre-filled for newbs). Hey, I could even put in the username of some malicious ex-user I have banned so now if they try to log in, their IP gets blacklisted!

    Great plugin! (many thanks for your contribution)

    This should be solved now.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Site lockout and banning IPs’ is closed to new replies.