dwinden

@dcoplan

Site URL ?

dwinden

@vladimir Vassilev

Even though the setting is using the word “ban” it is actually performing a temporary lockout.

So the word “ban” should be replaced with “lockout”, like:

Automatically lockout “admin” user [x] Immediately lockout a host that attempts to login using the “admin” username.

Assuming default settings and the Blacklist Repeat Offender setting is enabled a host/IP will be banned after 3 temporary lockouts within 7 days on supported web servers.

dwinden

@giladct

The user has been locked out until 2016-08-27 11:21:21

Wait until the temporary user lockout expires.
(By default a temporary lockout expires after 15 minutes).
Or login with another user (which is not temporarily locked out).

You should NEVER use a user named “admin”. Change it.

dwinden

@mpfefferle

This information is totally incorrect and extremely unrespectfull.
Do note this is still a free plugin and it still includes the Hide Backend feature.

dwinden

@tadam123

Every translation issue reported in this topic can be fixed by adding a contribution to the iTSec plugin translation on translate.www.ads-software.com.
So I guess this topic can be marked as ‘resolved’.

dwinden

@spectodesign

Check out my last post in this topic.
Perhaps it will help you.

dwinden

@tadam123

This is a specific response to your “one more discrepancy” post.

You may be interested in reading this topic.

dwinden

@sabrinaco

Thank you for providing that info.

You may be interested in reading this topic.

dwinden

@sabrina

What web server and what version of that web server is your site using ? (Apache, Nginx, MS IIS).

dwinden

@benjaminbradley

268435456 bytes = 256 MB

The iTSec plugin Database Backup and File Change Detection features will set the minimum memory limit to 256 MB if less than 256 MB is detected.

ITSEC_Lib::set_minimum_memory_limit( '256M' );

dwinden

@frustrated999

The iTSec plugin uses the WordPress admin_email address as “From:” address.
Try and change the admin_email address under the WordPress Settings->General menu option.

dwinden

@notrobo

I think I already answered that question in my previous post.
But just to make sure there is no misunderstanding the answer to your question is: No.

dwinden

@marionfw

If Benjamin’s suggestion does not help, please try disabling the Default Blacklist setting (if enabled) in the Banned Users module and see if that helps.

dwinden

@notrobo

Anyway unless you have solid proof that the server was compromised as a result of a vulnerability in the iTSec plugin we can’t really be of any help to you on this forum.

The iTSec plugin is designed to harden WordPress security.

Once someone eg gets a hold of your FTP login credentials there is no WordPress security plugin that is going to stop that attacker from logging into the server and delete whatever they want to.

dwinden

@marinec91201

There is no point in fixing an issue in the WordPress web application layer for which the root cause is in the web server layer.

I’ve said it before and I’ll repeat:

The root cause of this issue is in the (Apache) web server configuration of your hosting provider.

Deactivate and delete the iTSec plugin and you will see that you are still able to access the WordPress login page using wp-login.
But wp-login is not a default login page slug. It is only in your hosting env.

Talk to your hosting provider. If they know what they are doing they will fix this (Apache) web server configuration issue for you.

dwinden