pronl

@belleair

That email turns out to be part of the PRO User Security Check feature…

I know, still no answer to your question. But that’s what you can expect when posting on the wrong forum ??

As a paid PRO customer you can visit the iThemes Member Panel to create a support ticket.

@brothma1

That’s the option that automatically stores/whitelists all Admin IPs temporarily.
This happens automatically when administrators log into the Dashboard.

The other one I was talking about is the one that stores/whitelists IPs permanently.
So this option stores IPs YOU manually added in the Global Settings module (Lockout White List setting).

@brothma1

If you are on the iTSec plugin 5.4.0 or higher release there should be an
‘itsec-storage’ option_name. If you are looking at a database backup from an older iTSec plugin release, you are right it won’t exist. If that is the case you should look for the older option named ‘itsec_global’. I did make one mistake, you should look for the lockout_white_list setting (not host_list).

Note it is ‘itsec dash storage’ (where all of the older options were stored as ‘itsec underscore feature’ options.

@oliviafunctionalyoga

Start your browser. Type in: https://www.google.com
Enter: wordpress user enumeration
Search and then start reading …

Not the answer you were looking for but if you start understanding how your site usernames are harvested you are one step closer to preventing it from happening.
The iTSec plugin has features in the WordPress Tweaks module which help mitigate user enumeration.

For an answer to your question …
Enter: wordpress change username

@brothma1

Get it from a database backup.

It’s in the wp_options table, option_name=’itsec-storage’. Search for host_list.

@belleair

As far as I know the iTSec plugin does not send an email about ‘inactive users’.
What makes you think it’s an iTSec plugin email ?

@answerman4

Try and set WP_DEBUG to true in the wp-config.php file.
And check the web server error_log for any relevant errors.

The Maximum execution time of 30 seconds exceeded error points towards the File Change Detection feature (better-wp-security/core/modules/file-change/scanner.php).
Disabling the File Change Detection module could help.

@oliviafunctionalyoga

Yup, you’re missing something … (Sorry, couldn’t resist ;-))
It’s there allright …
Do some proper reading: Introducing the New iThemes Security Dashboard

Pay special attention to the Advanced Settings and/or New Dashboard FAQs sections.

@snap-shot

Ok, so where is that “Too many faileed login, try again in the next 8 hours” message coming from ? It’s not a default iTSec plugin message …

@jeffwilliams-1

The Filter Suspicious Query Strings setting in the System Tweaks module blocks any URLs which contain the string “request”.

Disable it and you should be able to continue using the iTSec plugin.

@snap-shot

By default the iTSec plugin locks a user or IP out temporarily for 15 minutes.
Did you modify any of the default (lockout) settings ?

Also “Too many faileed login, try again in the next 8 hours” is not a default iTSec plugin message. Did you change it (which is possible) ?

If not, is there any other active plugin that may be at work here ?

@jeffwilliams-1

Please post the link from the email (replace the domain with https://www.example.com).

Easy, it should not be there.

But a 6 months old topic that does not seem to be caused by the iTSec plugin suddenly shows up in this forum …

Looks to me like this topic does not belong in this forum.

• This reply was modified 8 years, 5 months ago by pronl.
• This reply was modified 8 years, 5 months ago by pronl.

@botzev

Probably a bug due to a recent code optimalization in the Away Mode feature.
According to the 5.4.0 Changelog:

Enhancement: Improved code efficiency of the Away Mode feature so that it takes less processing time when active.

@databell96

Was WordPress not updated to the latest release (4.6.1) ?