Temporarily locked out

  • Resolved andreu

    (@andreu)


    3 years, 11 months ago

    Hi,

    In the last months we’re receiving some concerns from some users that gets this error https://snipboard.io/yniZYd.jpg when browsing in our site.
    We have a WooCommerce selling every day and we don’t know what’s causing the issue. We’ve been trying to find info about this error and a way to unlock these users without success.
    Can you guide me with some docs of how can we prevent this issue and unblock them?

    Thanks

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @andreu, thanks for dropping us a message regarding this and sorry to hear some of your users are experiencing this lockout.

    It sounds like this could be related to rate-limiting as 503s tend to occur when the site is receiving multiple requests in quick succession: https://www.wordfence.com/help/firewall/rate-limiting/

    When you check Wordfence > All Options > Rate-limiting do any of your options show the warning, Very strict. May cause false positives.? If so, the rule may need relaxing to not block legitimate visitors quite so readily as they are clicking through your site making a lot of page requests. Also under this section, you will see How long is an IP address blocked when it breaks a rule, which is possibly set to a long interval which could explain why they’re being blocked without being able to find specifically blocked usernames to unblock.

    Let me know how you get on!

    Thanks,

    Peter.

    Thread Starter andreu

    (@andreu)

    Hi Peter,

    Last week I set this option “Enable Rate Limiting and Advanced Blocking” to OFF to see if that was the problem but after that some client concerned, so I don’t think this is the cause of the trouble.
    Do you think it can be something else?

    Thanks

    Plugin Support wfpeter

    (@wfpeter)

    Hi @andreu, thanks for providing the clarity on that.

    This error status also applies to Wordfence > All Options > Brute Force Protection so it’s quite likely that users are either mistyping their username with “Immediately lock out invalid usernames” selected, or the numbers for “Lock out after how many login failures” are on the strict side.

    If altering those doesn’t work, you could send us a diagnostic report to wftest @ wordfence . com so we can look into your configuration a little closer. You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Note: For the fastest response time, please make sure and add any information or questions directly to this topic and not the email address above unless asked.

    Thanks,

    Peter.

    Thread Starter andreu

    (@andreu)

    Hi Peter,

    I already checked this option before too. We have the login and password reset trials set to 10 and the lock out time to 4h. Our users could not visit the website during more one day so I thought that this option was not the issue.

    I’ve just sent the report. Hope this helps you understand what’s going on ??

    Thank you!!

    Plugin Support wfpeter

    (@wfpeter)

    Hi @andreu,

    We were indeed locked out when attempting to troubleshoot the issue when attempting a login with a non-existent username from the URLs provided with the diagnostic.

    This is not a recommended setting for an e-commerce store and are most likely the reason some of your users are experiencing this issue, so please uncheck “Immediately lock out invalid usernames”: https://www.wordfence.com/help/firewall/brute-force/#lockout-invalid-user

    Thanks,

    Peter.

    Thread Starter andreu

    (@andreu)

    Ok, thanks!! We’ll give it a try and let you know in case we still have users with the problem. Best,

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Temporarily locked out’ is closed to new replies.