Too Many bad login attempts – Locked Out

Hello,

I have the same problem. This is bothering me. What is the likelihood that hackers can hack into a website?

Hello!

These messages mean that protection works ok and attackers are blocked. You can switch off email notifications in plugin settings (see “Security” in the backend menu on the left).

Hi, this is happening to me since 24hours now. My problem is, that the message generated by iThemes Security Plug-in concerns my own admin login credentials. Whenever I try to login, I am able to access the dashboard. Any ideas or help on this?

Hi,

These are most definitely legitimate attacks.

@Leutenggerag – The brute force attack is using your username. I’d suggest creating a new user, transfer all content to it and delete the old one. If you can’t access your site to do this, then deactivate the plugin via FTP by renaming it’s directory to something like ithemes-security-pro.bak. Once you’re in and made the adjustments you can rename it back to reactivate it.

Thanks!

Gerroald

Hmmm – so I set up a new admin account and was about to delete the old one – the one that is triggering all these access attempts – and then realise that this user is the author of all the pages… is this going to be a problem if I delete the user? and, if so, how do I transfer the authorship to the new admin account?

Thanks

@stickleback, you can change author of all posts and pages manually. When you edit post or page there is a field below the editor where you can choose author. If you do not see this field go above and at the very top of the page you will find spooler with settings where you can switch on/off fields. Just switch author field on.

Also may be you will able to change author from the list of posts/pages using quick edit.

And if you have too many of them to do it manually just google sql query for that case. You will have to login to PhpMyAdmin and run it.

If you delete user and do nothing I think you will not damage WP. You can create test page authored by new test user and then delete user and see what will happen. I actually do not know. Suppose this page will be displayed ok, but just will have no author.

P.S. you even do not have to use sql statement. You can use bulk action, here is an article: https://www.webhostinghero.com/how-to-change-wordpress-author-in-bulk/

Thanks for the reply – I tested this on another inactive site and, sure enough, when I went to delete the user it gave me the option to reattribute authorship to another user – so that worked!

I was just a bit worried that I might delet all that user’s content along with their account.

The good news is that, since this change I am no longer receiving these lock out messages, so it would seem that the previous user (not “admin” !!) had indeed been compromised.

Thanks for your help with this!

You are welcome!

To implement reassigning authorship was quite wise, thanks WP developers!

I have the same problem. But I’ve been completely locked out of my own site.

If I try to login with the plug-in activated it doesn’t let me because it says too many login attempts.

If I deactivate the plug-in by renaming it in FTP the login screen just keeps on redirecting to the login screen when you click login. There’s no error message. It allows a change password but even when you do it just doesn’t let you login.

@robcub, Rob, check .htaccess file probably some redirects are there. You will find there a block created by the plugin.

@dvascheta really weird, the site doesn’t have an .htaccess on the site root – and I can’t work out why because I thought all my WordPress installs had .htaccess’s

Anyway, I’ve made one with the usually WordPress lines in there and it hasn’t made a difference. I still can’t login ??

I recall that the solution for me was going into the database. There was a table that had a record of all the lockouts and clearing those allowed me to log in again

@robcub every lockout should expire, it is not forever. But you need plugin to be working for the lockout to be cancelled.

May be you did too many different things so the problem now is in any other place? For example you really enter the wrong password because you have changed it few times and some attempts failed (just to suppose) and now you don’t know for sure which one is correct?

Try to eliminate possible problems that are not caused by the plugin.

• This reply was modified 8 years ago by Alexey.
• This reply was modified 8 years ago by Alexey.

Thank you @stickleback

My bad. It was actually WP Limit Login Attempts that was the culprit. I added a .bak to that in the /plugins/ folder and that fixed it.