Pyromania666

That makes sense wpsolutions. I thought Ctrl+F5 usually took care of clearing cache, but i will try actually clearing everything (cookies, offline files, etc.) and try again.
Thanks,

Thank you guys. I left that particular rule commented out in the .htaccess and sorting by tag works. Since Chesio mentioned that with the latest version of the pplugin that rule is not present, i may as well leave it out.

Thank you again for your quick responses.

*bump*
I have just seen this pop up for the first time ever as well.
Any info on it?

@mbrsolution – I found the issue that day, just didnt have time to respond back. The difference was, that while i though pingback was active, it wasn’t. I re-activated it, and all is good now.

Thanks for you help.

@mbrsolution

this is too crazy, while the solution above worked on 35/36 websites, I still have one website that is getting hit by the username “test” from different IP’s.

Here is the mind bending part:
– i changed the login page twice,
– enabled pingback protection
– enabled Cookie Based Brute Force Prevention
– enabled login captcha

These were done in that order, and each option enabled, waited, got hit again, enabled next one, etc.
Still was getting locked out notifications with user “test” and a different IP.

so I figured, how can he try and login if i block access altogether by IP. So only my IP has access to the login.

STILL not even 15 minutes after and I get an email, and I continue to receive emails:
———————————–
A lockdown event has occurred due to too many failed login attempts or invalid username:
Username: test
IP Address: 5.55.44.0

IP Range: 5.55.44.*

Log into your site’s WordPress administration panel to see the duration of the lockout or to unlock the user.
————————————-

Any other ideas guys?

UPDATE:
by enabling pingback protection in the firewall option, it seems that attacks have stopped. I will update if this is just coincidence. But so far, any web sites i have enabled protection on, is not getting hit anymore.

On a site that i know for a fact a few of these Site Lockouts with username “test” i just tried what @wpsolutions said and i get a standard 404 page “You 404’d it. Gnarly, dude.” LOL.

@wpsolutions, let me know if that helps or if there is anything you wish me to try. I got sites that have only “All In One WP Security” installed and others that have AIOWPS and Wordfence.

I have turned on pingback requests in the firewall, and i still have to see if those specific site are getting hit still. It must be the same bot, since the username it’s using is “test” but the IP keeps changing.

i have enabled pingback protection on some of the sites, but Cookie Based Brute Force Login Prevention was setup on almost all of them.

Actually, any conflict in between the two plugins has nothing to with the original question here. I am running this plugin on multiple sites, some without wordfence installed.

What seems to be happening is somehow the website is still being attacked from multiple ip’s targeting the username “test”.

This is particularly odd, like op originally posted, the default wp login page has been changed and is no longer, or should no longer be /wp-admin .

SO the question is, how is the website being attacked at the new url, by trying to brute force with username “test” and what can be done to put a stop to this.

Is this happening on Chrome?
or same thing with firefox?

try adding this to your .htaccess
RequestHeader unset HTTPS

Also check this:
https://www.zdnet.com/article/brand-new-chrome-44-release-added-a-bug/

Check Different browsers. If this is happening on Chrome version 44 then it could be only the latest issue with Chrome:
https://www.zdnet.com/article/brand-new-chrome-44-release-added-a-bug/

Same thing happened to me, update complete messed up the pages that were using this plugin. It stopped recognizing it’s own shortcodes.
bad move dev!

Anyways, to fix mine i have reverted back to the previous version by going to github
https://github.com/tareq1988/WP-User-Frontend/releases
and i went back to version 1.3

everything is back to normal for me.

Hope this helps!

login to your FTP, navigate over to /wp-content/plugins/ and rename the folder /wp-video-posts/ to something else.

Try to log in again afterwards. Also, use permalinks.

Awesome, thank you perdrix for confirming.

Oddly enough my websites were single site per domain, installed on the root. No sub-domains for either.