Brute force not working

  • Resolved tiagorodriguesweb

    (@tiagorodriguesweb)


    2 years, 2 months ago

    Hi,

    I just tested manual brute forcing this website and I see the brute force protection is not working. I tried to log in with a wrong password and I don’t get blocked, when I should, I think. Ip address is not whitelisted.

    Can you help?

    Thanks

    Tiago

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • nlpro

    (@nlpro)

    2 years, 2 months ago

    Hi @tiagorodriguesweb,

    Just attempted 5 logins and I got locked out. So it’s working fine.

    Your IP is probably automatically (temporarily) whitelisted because you successfully logged in as an Administrator user to the Admin Dashboard before testing brute force from the same IP.

    You cannot see in the Solid Security UI which IPs are automatically (temporarily) whitelisted due to successfull login by an Administrator user. Note such IPs are removed from the whitelist after 24 hours.

    Oh, almost forgot to mention. You can disable the temporary whitelist by adding the line below to the wp-config.php file:

    define( 'ITSEC_DISABLE_TEMP_WHITELIST', true );

    +++ To prevent any confusion, I’m not SolidWP +++

    • This reply was modified 2 years, 2 months ago by nlpro.
    • This reply was modified 2 years, 2 months ago by nlpro.
    • This reply was modified 2 years, 2 months ago by nlpro.
    Thread Starter tiagorodriguesweb

    (@tiagorodriguesweb)

    2 years, 2 months ago

    Hi @nlpro,

    Thanks for your response.

    I just tried to log in on my computer (private mode, new ip) and it’s working fine, but on my phone I don’t get locked out. I never logged in to that site on my phone so maybe it’s a mobile problem only.

    nlpro

    (@nlpro)

    2 years, 2 months ago

    Hi @tiagorodriguesweb,

    Are you logging in from the mobile phone using the WordPress app or from a browser (Android or Apple iOS)?

    Thread Starter tiagorodriguesweb

    (@tiagorodriguesweb)

    2 years, 2 months ago

    Hi @nlpro,

    I’m using Chrome (android version, private mode).

    nlpro

    (@nlpro)

    2 years, 2 months ago

    Hi @tiagorodriguesweb,

    Ok, I see. Probably best to have a look at the SolSec plugin Logs page. Filter for modules “Local Brute Force” and “lockout”.

    Plugin Support chandelierrr

    (@shanedelierrr)

    2 years, 2 months ago

    Hi @tiagorodriguesweb, checking in here to see if you still need help.

    Can you please let us know what you see on your Security Logs per @nlpro’s advice?

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Brute force not working’ is closed to new replies.