Username Lockout Frustration

  • Resolved mountainguy2

    (@mountainguy2)


    8 years, 11 months ago

    I set up a new user in Word Press. He tries to login. He gets locked out with following email message sent to me from Wordfence:

    A user with IP address ***** has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username ‘?placeholder’

    BUT ‘placeholder’ (without the quotes) is the exact username shown in the WordPress admin!!!! I even looked in the wp_users table in the database, and the name is exactly the same.

    We’ve been going through this over and over again, for several hours over several days. It’s getting ridiculous.

    Any suggestions? I’m pulling my hair out.

    https://www.ads-software.com/plugins/wordfence/

Viewing 6 replies - 1 through 6 (of 6 total)

  • Hello mountainguy2,
    Is this a single or multisite install?

    Thread Starter mountainguy2

    (@mountainguy2)

    Single site

    I’ve actually logged in using a VPN from my office, then when our worker tries to login from somewhere else he gets kicked out for invalid user name.

    Ideas?

    Thread Starter mountainguy2

    (@mountainguy2)

    I think I should apologize for assuming this was a Wordfence issue. Looking less like that. We tested and user could login manually without triggering lockout. He then used PassPack password manager while we whitelisted his IP, and he kept getting an “invalid user name” message, which I assume was from WordPress NOT WF since he was whitelisted.

    I guess the question here, for troubleshooting, is if a user is whitelisted by IP in WordFence, does that bypass every last little thing 100%? For trouble shooting? Or should I have just disabled Wordfence (can’t really do that, it’s our only security software on high traffic site).

    Confusing. User is good with computers and uses PassPack for more than 50 various site logins without any trouble.

    Hello again mountainguy2,
    Wordfence uses WordPress functions to check for valid user. That’s why I wanted to know if it was single or multi, because WordPress deals with users a bit differently depending on it.

    Yes, whitelisting an IP will allow it to bypass all security checks. If there was a problem with his username WordPress would of course still not let him log in.

    It’s happened to me occasionally that I somehow managed to save the wrong information in my password manager. So I guess a good next test would be to “unwhitelist” him and see if he can log in without the password manager then.

    Thread Starter mountainguy2

    (@mountainguy2)

    Ok, thanks so much. We tried all sorts of testing and the best we can figure out is that PassPack is somehow filling out the username dialog in a way that it triggers a failure. We have resorted to the user simply manually inputting their user name. Frustrating but such is life in the dark ages of computing (grin).

    In any case, our testing indicates this is not a WordFence issue. But perhaps someone else using PassPack might have similar problems and get their testing confused by WordFence, so this could get them thinking.

    Thanks for responding.

    MTN

    Yep, it’s always good to get it out there in case anyone else encounters a similar issue. Thanks for reporting!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Username Lockout Frustration’ is closed to new replies.