doesnt automatically lock out users using specific mentioned usernames

  • Resolved hurry

    (@extremist87)


    1 year, 9 months ago

    i have wordfence installed, and i have a few usernames that i want wordfence to immediately lock out and prevent further attempts, once of the usernames is ‘admin’, however a user can still try and login multiple times until they finally hit 6 attempts and then it locks them out

    A user with IP address 172.68.207.169 has been locked out from signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 6. The last username they tried to sign in with was: ‘admin’.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    1 year, 9 months ago

    Hi @extremist87, thanks for reaching out.

    I have admin set and was just successfully blocked when trying to use it. Live Traffic gives Blocked by login security setting as the reason as expected when the Immediately block the IP of users who try to sign in as these usernames setting is the deciding factor.

    The only occasion this setting might be ignored is when the username matches a real username on your site, the SAVE CHANGES button hasn’t been used on the All Options page, or caches in place on your site/server/database are still loading the pre-change settings. In the latter case, the caches may need clearing.

    Failing that, if you don’t have a large number of users, Immediately lock out invalid usernames could be checked in an attempt to deal with the randomly picked usernames. However, this is generally against our recommendations for online stores, forums, etc. where common mistakes like mistyping a username will result in a higher quantity of blocks for real users.

    Let us know if you observe anything else or nothing seems to change when trying the above,
    Peter.

Viewing 1 replies (of 1 total)

The topic ‘doesnt automatically lock out users using specific mentioned usernames’ is closed to new replies.