• Resolved chrismartell

    (@chrismartell)


    Background: I just started working for this company 2 months ago. We have a main website, and a WordPress blog.

    The blog started intermittently redirecting to spam a few days ago. I went in, updated everything (very old version of WP and plugins) and added Sucuri for security & tracking.

    About 12 hours ago, we started getting hit with a brute force attack, from a server address in Russia (I’m tracking it with Sucuri). It stopped after a few hours, then the entire site (not just the WP blog) went down. I contacted our webhost and they managed to get us back up (they found some malware from before I updated it). Then an hour later, the brute force began again. The site was working, but slow as molasses this time (attack ongoing).

    I installed WPSecureOps Brute Force Protect. Now on my next attempt to log in to WP, it tells me that I have been banned because of multiple login failed attempts. I tried the other administrator’s username & pw, and I get the same response. Sucuri sends me an email confirming that each of these failed authentication. The brute force attack is also still ongoing.

    Now I’m stuck. How do I regain access? I have cpanel access, but that’s it.

    Many thanks in advance for any assistance.

    https://www.ads-software.com/plugins/wpsecureops-bruteforce-protect/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author WPSecureOps

    (@wpsecureops)

    Hi Chris,
    I see how this can be pretty annoying and we’ve done plenty of tests to replicate this, but with no success.
    Can you contact us via email and provide the URL of the site so that we can check which hosting and what hosting environment they had configured for their sites?
    We suspect that maybe the site is running behind a proxy, which is causing ALL requests to the WordPress installation to be coming via the same IP address, which can easily cause the login protection to block all login attempts, especially if you have an ongoing attack to the backend.

    Also, you can remove the “ban” by going into your MySQL database and then to the “options” table and deleting the row which contains your IP address, with the following name:
    _transient_wpso_bfp_IPADDRESSHERE
    and
    _transient_timeout_wpso_bfp_IPADDRESSHERE

    If you don’t find your IP address there, then most likely the problem is because of a proxy running on your hosting environment, so you would always see the same IP address in there, which causes ALL requests to the admin to be blocked.
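
The proxy scenario described in the reply above, as an added example that is not WPSecureOps code and not part of the original thread: a lockout keyed on the connecting address bans everyone behind a shared proxy, while one that honours X-Forwarded-For only from trusted proxies does not. The proxy range, the threshold of 5, and all function and class names are assumptions; the addresses are constructed documentation values.

```python
import ipaddress
from collections import Counter

MAX_FAILURES = 5  # assumed threshold (the thread's last reply mentions 5 attempts)
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]  # assumed proxy range

def _parse(addr):
    """Return an ip_address object, or None if addr is not a valid IP."""
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None

def _trusted(addr):
    ip = _parse(addr)
    return ip is not None and any(ip in net for net in TRUSTED_PROXIES)

def peer_only(peer, xff=None):
    """Naive key: the TCP peer, which is the proxy for every visitor."""
    return peer

def client_ip(peer, xff=None):
    """Proxy-aware key: honour X-Forwarded-For only when the peer is a
    trusted proxy, reading right to left up to the first untrusted hop."""
    if not xff or not _trusted(peer):
        return peer  # direct connection: a forged header is ignored
    for hop in reversed(xff.split(",")):
        if not _trusted(hop):
            return hop.strip() if _parse(hop) else peer
    return peer

class Lockout:
    def __init__(self, resolve):
        self.resolve, self.failures = resolve, Counter()

    def failed(self, peer, xff=None):
        self.failures[self.resolve(peer, xff)] += 1

    def banned(self, peer, xff=None):
        return self.failures[self.resolve(peer, xff)] >= MAX_FAILURES

def admin_banned(resolve):
    """Constructed traffic: attacker and admin both arrive via proxy 10.0.0.5."""
    guard = Lockout(resolve)
    for _ in range(20):  # attacker's failed logins (TEST-NET-3 address)
        guard.failed("10.0.0.5", "203.0.113.50")
    return guard.banned("10.0.0.5", "198.51.100.7")  # admin never failed

if __name__ == "__main__":
    print("peer-keyed lockout bans admin:", admin_banned(peer_only))
    print("proxy-aware lockout bans admin:", admin_banned(client_ip))
```

If the ban rows in the options table all carry one address that is not yours, that is the peer-keyed case shown here.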

    Thread Starter chrismartell

    (@chrismartell)

    Thanks so much for your reply.

    I was able to get back in the next day. I think it was a conflict between WPSecureOps and another security plugin I was running. I have disabled the other plugin and things are fine.

    Thanks for the instructions on the MySQL ban removal. I will save those in case I run into this problem again.

    Many thanks!

    Plugin Author WPSecureOps

    (@wpsecureops)

    Btw, can you name (or email us the name of the plugin at [email protected]) so that we can try to make it work.

    We are not happy to hear that our plugin is having conflicts, so if we can resolve those from our plugin, then we will definitely do it asap.

    Thanks,
    WPSecureOps Team

    Thread Starter chrismartell

    (@chrismartell)

    I was running both WPSecureOps Brute Force protect and also Sucuri. Thanks again for your help.

    Plugin Author WPSecureOps

    (@wpsecureops)

    You are welcome. Knowing what our users need and how they use our products is the only way for us to make them better, so thank you!

    We will test our plugins with Sucuri (again) to be 100% sure that they work together and if needed we will release an update.

    Thanks,
    WPSecureOps Team

    If I may piggy-back on this post…. WPSecureOps did the same to me yesterday, banning me for an hour. I was able to get in from a different IP, so it seems my IP specifically was being banned. I had not had 5 unsuccessful login attempts from my IP…. so I don’t know what happened. I’m back in now, but there is still some mystery.

    While this occurred yesterday, I had two other site visitors send emails claiming the site blocked them for detected spam activity.

    Is it possible I have something going on with my site? I host with hostgator and they monitor regularly, and I’ve had no alerts.

    Any ideas? Anything I should be concerned about or tweak?

  • The topic ‘WPSecureOps Brute Force Protect – locked me out too?’ is closed to new replies.