Users with same IP are locked out

1. Log into WP Dashboard and click on the Security menu option. Then click on the blue Temporarily Whitelist my IP button.

2. Or click on the Settings tab and at the Lockout White List setting in the Global Settings section click on the blue Add my current IP to Whitelist button. Then click on the blue Save All Changes button.

The above assumes your ip address is identical to the ip address of
users sitting at schools …
Otherwise simply enter their ip address at 2.

dwinden

Great, thanks! I found something like this and hoped this might solve it, but haven′t got it confirmed yet.
Lisa

Another question: Do know any (safe way) to not get this problem in the first place? I′getting a lot of new traffic from new schools all the time, and it would be nice if they weren′t blocked from the start. But I guess it′s no simple way to do this, without reducing the security level to a really low level.
Lisa

@lisa

I’ll need a little bit more info in order to be able to answer your question. All I know right now is:

… some users accessing from the same IP-number at the same time are locked out (or receiving the 404-page).

– What exact lockout msg is displayed to the users ?
– Is the iTSec plugin 404 Detection setting enabled ?
– A screenshot of the iTSec plugin Logs page would help.

dwinden

Hi!
Sorry for not getting back to you, tried to mail you a print of the screen. Paste it

I had the 404 Detection setting enabled, but have changed that now. Just whiteilsting IP:s didn′t work.

I′m sorry that I can′t answer the lockout msg. They say they got a white page. The strangest thing is that they say it works fine at one computer, but doesn′t work when more computers at the same IP is added.

I′ve seen in the 404 error log that a lot of them are connected to favicon-2.ico. I′ll try to find a way to stop that problem.

Some of the log:

404 Error 3 2015-09-07 16:11:53 193.183.253.33 /wp-content/uploads/2014/11/favicon-2.ico Details
404 Error 3 2015-09-07 16:10:20 80.254.244.194 /wp-content/uploads/2014/11/favicon-2.ico Details
404 Error 3 2015-09-07 16:09:30 80.254.244.194 /wp-content/uploads/2014/11/favicon-2.ico Details
404 Error 3 2015-09-07 16:09:14 91.189.41.177 / Details
404 Error 3 2015-09-07 16:09:02 5.178.78.78 /wp-content/uploads/2014/11/favicon-2.ico Details
404 Error 3 2015-09-07 16:08:38 168.1.92.52 /wp-content/uploads/2014/11/favicon-2.ico Details
404 Error 3 2015-09-07 16:04:36 80.216.234.142 /wp-content/uploads/2014/11/favicon-3.ico Details

Ok, no worries.

Not much info to go on but it looks like they are getting a host lockout (= white screen with only text “error” displayed).
Host lockouts are caused by invalid login attempts and\or 404s.
Basically the iTSec plugin doing its job …

Indeed disabling the 404 Detection setting could help prevent as there seem to be a lot of 404s in the Logs page.

Then fix the 404 error(s) related to the favicon-2.ico and favicon-3.ico files.
Not sure why variants of favicon.ico are being used …
Do the favicon-2.ico and favicon-3.ico files exist in the /wp-content/uploads/2014/11/ folder ? Does that folder even exist ?
If it all exists try to access them directly:

https://www.yourdomain.com/wp-content/uploads/2014/11/favicon-2.ico
https://www.yourdomain.com/wp-content/uploads/2014/11/favicon-3.ico

Found this piece of recent info related to adding a Site Icon to WordPress:

From WordPress 4.3 onwards, it is recommended that you use the Site Icon feature that is built into WordPress. The Site Icon feature can be found by going to Appearance -> Customize and clicking on Site Identity.

dwinden

@lisablohmster

If you require no further assistance with this topic please mark it as ‘resolved’.

dwinden