Lockout release – not all data given

  • eitanc

    (@eitanc)


    7 years, 1 month ago

    Hi,
    At https://ithemes.com/security/fixing-ithemes-security-lockouts/ you explain how to remove lockouts, but it is not full and performing what is written in it – does not solve the issue, since there are blocking commands at the .htaccess file that is located at the root of the site, and only when these commands are either marked as comments (adding the # sign at their beginning) or deleting these lines – actually remove the lockout.
    Please enhance this article.
    Thanks.
    Eitan

Viewing 1 replies (of 1 total)
  • nlpro

    (@nlpro)

    7 years, 1 month ago

    If that article was dated you would see it is outdated. Basically ignore the article. It’s really really really old and it’s bad.
    iThemes should delete it …

    Below a short explanation of lockouts and bans.

    Lockout – temporary (default 15 min but configurable). Stored in the database.
    Ban – permanent. Stored in the web server config file (Apache/Litespeed .htaccess, Nginx nginx.conf).

    By default 3 lockouts within 7 days results in a ban. This is configurable.
    Any user (IP) with administrator role is automatically whitelisted (temporary) when successfully logged into the WordPress Dashboard.
    This info is temp stored in the database (wp_options table).

    Because lockouts are temporary you can simply wait for them to be released. Or if you can’t wait, release lockouts as an administrator user from the WordPress Dashboard. The iTSec plugin UI provides an Active Lockouts widget. Search for it in the side panel of the plugin Settings or Logs page.

    DO NOT MANUALLY REMOVE LOCKOUTS IN THE DATABASE !

    Bans (IP) can be removed from the Banned Users module.

    DO NOT MANUALLY REMOVE BANNED IPs FROM THE .htaccess (OR nginx.conf) file !

    To prevent any confusion, I’m not iThemes.

Viewing 1 replies (of 1 total)

The topic ‘Lockout release – not all data given’ is closed to new replies.