Wordfence User Lockout not working

  • I’m a long time user of Wordfence and absolutely love it. However, just recently it stopped locking out users with invalid user names as well as users with failed login attempts. I have uninstalled it completely (including: Delete Wordfence tables and data on deactivation), reinstalled the latest version of WP 3.9 and latest version of WF 5.04. However, it is still not locking users out.

    Please advise as to how I can troubleshoot this issue? I have many attempts a day and need this option to be working asap. Sincerely, /Jsep

    https://www.ads-software.com/plugins/wordfence/

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter jseppe

    (@jseppe)

    Also, as you can see Wordfence SQL tables (below), it detects the invalid login but doesn’t do anything about it. I have Wordfence configured to lock out invalid users immediately and failed logins after 2 attempts. Any help is greatly appreciated.

    fail action username userID
    1 loginFailInvalidUsername admin 0
    1 loginFailInvalidUsername j 0
    1 loginFailInvalidUsername jadf 0
    1 loginFailInvalidUsername fake 0
    1 loginFailInvalidUsername fake 0
    1 loginFailInvalidUsername fake 0
    1 loginFailInvalidUsername fake 0
    1 loginFailInvalidUsername jjj 0
    1 loginFailInvalidUsername jalsdjf 0
    1 loginFailInvalidUsername laksjdfl 0
    1 loginFailInvalidUsername alsfdjla 0
    1 loginFailInvalidUsername adminn 0
    1 loginFailInvalidUsername adminn 0

    Thread Starter jseppe

    (@jseppe)

    Hi folks,

    I really need this to work but haven’t received any responses from support on this forum. Is it possible to enable debugging to find out why it is not locking out users? I just installed Better WP Security on one of my instances and the lockout feature works flawlessly.

    Thanks in advance.

    Hi,

    I’ve just tested with 2 attempts also. And that just don’t work. Same versions as jseppe (WP 3.9 et Wordfence 5.0.4).

    Why this don’t work ? Is it a bug or a break issue with WP 3.9 ? Or anything else ?

    Thanks to Wordfence developers to take of their time to give us a way to resolve this.

    Bye

    Hi all, I am also having some issues with this. It IS locking them out, but I’ve gotten 25 notifications from DIFFERENT IP addresses over the weekend (of which none show up with a country flag). So, I’m not sure if they are just bots or what. But is this normal? I’m thinking about deselecting the setting that allows for me to get an e-mail just so my inbox isn’t flooded. Before, I was individually blocking each IP. But it doesn’t seem to be coming from a specific person.

    Any thoughts?

    Plugin Author Wordfence Security

    (@mmaunder)

    Hi @jseppe

    Have you tried locking yourself out from an IP address on a mobile device or something other than your primary form of internet access? That way you can login and unlock yourself. I’d like to confirm this isn’t working.

    Regards,

    Mark.

    Thread Starter jseppe

    (@jseppe)

    Hi Mark,

    Apologies for not getting back to you right away. This is still not working for me. I started with a fresh install of WP 3.9.1 and WF 5.0.7. I’ve tried it from my phone, other computers, and different browsers. I am not seeing anything wrong in the apache error or access logs. I see no issues with sql access.
    I also wrote a selenium script which loops and attempts to login as admin and had it cycle for almost 5 minutes with a 2 second delay. It never locks out the user. I’ve also tried other non-existant users, no luck. I also added admin and administrator to the new section to block out users. Please advise as to how I can further troubleshoot this issue. I’m happy to debug the issue if you can point me in the right direction. It is maddening and has consumed a great deal of time – I just want to fix it.

    Regards,
    Jsep

    I am having this problem on several sites now.

    It worked great, then with the last updates (? about which one) it stopped working and now with the added Stats on Dashboard, keeps lising all the NON-users and “Existing User” “Yes” in green. It’s 1000s of attempts — not locking them out at all.

    Had to put on another security plugin to handle it…

    How long does the setting say to lock someone out when they break a rule?

    tim

    They differ (several sites) some 1 hour, some a lot longer. And there is never a listing in Login Lockout IP area. They are always blank even when I lock an IP out. They used to be populated.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Wordfence User Lockout not working’ is closed to new replies.