• Resolved ntjedge

    (@ntjedge)


    Hello,

    I have been using Wordfence for so long and never had any issues. Today I came across one and it is really weird.

    I was unable to access the site – I get an error “Your access to this site has been limited”. I was informed by customers that my site is inaccessible from their locations as well. I tried multiple ISPs and tried connecting through a VPN, same thing! Basically, my website was locked safely by Wordfence and nobody could see it.

    See screenshot: https://imgur.com/a/YdsaS

    Though the message says “The reason your access was limited is: ‘Blocked by login security setting.’” – I didn’t try to log in, I was just visiting my website homepage.

    I used the email form and got access to the Wp-admin and I see that in the firewall stats the maximum blocks have been with my own server IP! I do not know how & why it is blocking my own server IP.

    See screenshot of my server IP in the blocked list: https://imgur.com/a/Q83lt

    I enabled Live Traffic and see that most blocks are for the following
    Screenshot 1: https://imgur.com/a/KhCDg
    Screenshot 2: https://imgur.com/GlEQev7

    Clearing the blocked IPs enabled access to the site but the same problem has cropped up after a few minutes.

    I have disabled Wordfence for now.

    What could be the reason for this?

Viewing 5 replies - 1 through 5 (of 5 total)
  • First off, even before knowing the root cause of the blocks.
    If you are seeing this message, you have something catching wrong on logins.
    So, you can eliminate the problem temporarily, by going to your Options page and unchecking “Enable login security”.

    With Login Security turned off, these blocks and this message cannot happen. You can then keep the rest of WordFence’s security measures running while you figure all this out. Not leaving yourself wide-open to the world by having the whole plugin disabled.

    Secondly, the only thing that can produce this particular error message, is if WordFence (rightly or falsely) believes that users are trying to login with a banned user name.

    So you might want to check the content of your banned user list.
    (Setting on Options page: Immediately block the IP of users who try to sign in as these usernames).

    Third, if your banned user list is not containing any goofy things, have you by any chance enabled any other security/login related plugins recently? Such as “User Blocker” or any other plugins that can add to the authentication chain in WordPress?

    Hello @ntjedge
    Do you know if there is a reverse proxy configured on your server or not?
    Getting the server IP logged in Live Traffic instead of the real visitor’s IP is an indicator of this issue explained here.

    I suspect that “How does Wordfence get IPs” isn’t configured correctly. Can you please share a screenshot showing (Wordfence > Tools > Diagnostics > IPs section)? Or, even better, you can email the diagnostics report to “alaa [at] wordfence [dot] com”; make sure to include the forum username so I can easily recognize the report.

    Thanks.
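The failure mode asked about in the reply above, as an added example (not part of the thread and not Wordfence's code): when PHP sits behind a proxy on the same machine and per-IP blocking is keyed on the TCP peer, every visitor appears as the server's own IP. The function names, the trusted-proxy list and the documentation-range addresses are constructed for illustration.

```python
import ipaddress

def client_ip(remote_addr, xff, trusted_proxies):
    """Pick the address a per-IP block should be keyed on.

    remote_addr     -- TCP peer the web server saw (REMOTE_ADDR)
    xff             -- raw X-Forwarded-For header value, or None
    trusted_proxies -- CIDR strings for proxies the operator controls
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    trusted = lambda ip: any(ip in net for net in nets)

    peer = ipaddress.ip_address(remote_addr)
    if not xff or not trusted(peer):
        # Direct connection: the header is client-supplied, so ignore it.
        return str(peer)
    # Walk right to left; the first hop that is not one of our proxies
    # is the real client. Entries further left can be forged.
    for hop in reversed(xff.split(",")):
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            break  # malformed header: fall back to the TCP peer
        if not trusted(ip):
            return str(ip)
    return str(peer)

def block_keys(requests, trusted_proxies):
    """Distinct addresses a blocklist would see for these requests."""
    return {client_ip(r, x, trusted_proxies) for r, x in requests}

# Constructed sample: three visitors reaching PHP through a proxy that
# runs on the server's own address (documentation-range IPs).
SERVER = "203.0.113.10"
REQUESTS = [
    (SERVER, "198.51.100.7"),
    (SERVER, "198.51.100.8"),
    (SERVER, "192.0.2.44"),
]

if __name__ == "__main__":
    # No proxy declared: every visitor collapses onto the server IP, so
    # one block on that address locks out everyone at once.
    print(block_keys(REQUESTS, []))
    # Proxy declared: each visitor is tracked and blocked separately.
    print(block_keys(REQUESTS, [SERVER + "/32"]))
```

The header is honoured only when the TCP peer is a declared proxy, which is why a visitor connecting directly cannot forge another address to evade or redirect a block.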

    Thread Starter ntjedge

    (@ntjedge)

    Hi,

    Thank you @crudhunter for your suggestions.

    1 – I disabled the option “Enable login security” and cleared the Blocked IP list. Now I can view the website & so can my users. I wonder how I missed that option in the first place!

    2 – Nobody was trying to log in, the homepage itself was blocked. Even when coming from search engines. I checked the banned user list, nothing out of order.

    3 – My plugins list is very conservative. Nothing that touches anything that does anything with WordPress logins :). Not even a caching plugin.

    Here’s the list, if it helps.
    – Contact Form 7
    – Developer Mode
    – Duplicate Post
    – Really Simple SSL
    – Slider Revolution
    – Templatera
    – Wordfence Security
    – WP Migrate DB
    – WP-SpamShield
    – WPBakery Visual Composer

    Yup, that’s all. I have disabled Duplicate Post, Templatera & WP Migrate DB as I don’t need them currently.

    Could any of those plugins, according to you, mess with the WordPress authentication chain?

    Thanks again for your assistance!

    Thread Starter ntjedge

    (@ntjedge)

    Hi @wfalaa, thank you for chiming in.

    > Do you know if there is a reverse proxy configured on your server or not?
    As far as I know, I don’t think so. I am not using CF. Nothing has changed recently on my server either, nor on my website. If something had changed on my server then it should have affected my other sites too (all running auto-updated WordPress with Wordfence – some using CF, some not) with a similar set of plugins – I stick to the ones I have been using for long.

    I followed your link about server IP logged in Live Traffic instead of the real visitor’s IP. My site is currently set to “Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites”. I guess that’s the default?

    Surprisingly, it is showing my current IP address just below the drop-down. On enabling Live Traffic, I can see that it is showing the correct IPs of the visitors – no more server IPs. And I didn’t make any changes that might have ‘fixed’ the issue. Somehow it’s back to normal.

    I cannot re-enable the option “Enable login security” for now and risk blocking all visitors again. I will do it later in the day when the traffic is lower. I will also email you the report if required once I test it.

    Thank you for your assistance in this matter.

    There is one more level of security you can turn back on first, if you now know that it is overall working.

    As mentioned, that particular block message “Blocked by login security setting”, can ONLY be seen under a combination of two conditions.

    a) Login Security (which is a global switch for all login sec) must be on.

    b) WordFence under Login Security checks multiple things. That message can only happen, when WordFence for some reason thinks it has hit a user name in your

    “Immediately block the IP of users who try to sign in as these usernames”

    setting.

    From that, it would logically follow, that if you first clear that user-name list, make sure that field is completely empty, you can turn back on the “Login Security”, to regain all the other checks. It then still could/should not be able to find banned usernames to produce the “Blocked by login security setting” on.

    If you see that message again, but with an empty blocked users list, something is going VERY haywire, since PHP would seem to have stopped executing logically.

    Before you clear it, please save a copy, so you can tell us what was in it.

    Nothing with authentication issues in your plugins list, that I can see.

  • The topic ‘WordFence blocking all users!’ is closed to new replies.