Users Keep Getting Blocked from Website

  • msamani

    (@msamani)


    1 year, 6 months ago

    Hi everyone, I am a bit new to WordPress since it has just recently been added to my team’s list of responsibilities. We have a Dev site that we use for testing things, but for a while supposedly, our users have been getting locked out every so often. I have attached a linked photo and I am hoping that it is working, but we are getting a page that says “Your access to this site has been temporarily limited by the site owner.” Then below that it says “Your access to this service has been limited. Please try again in a few minutes. (HTTPS response code 503)”. Lower down from that it says: “Block Technical Data. Block Reason: You have been temporarily locked out of the system. This means you are not able to login for a while.” Again, I am hoping that my image below is loading properly, but I cannot tell while I am writing this.

    Now this error is happening regardless of if those affected have 2FA enabled or disabled. I can go to the Blocked section in the admin panel and see no one is being blocked, yet a few of my users are getting this error anyway. At the same time as they are getting that error, I am able to login fine. I am generally unaffected by this issue, but there was one time that two people were getting this error, and then I tried to login for the first time and immediately got the error as well. Usually we have to wait a few hours for it to go away, but it will happen again maybe a day or two later. We tried to check any logs that we can for indications for the issue, but found nothing.

    It is consistent a problem enough that we are considering moving to a new security plugin, but we would prefer to see if we can track down what may be happening here first.

    • This topic was modified 1 year, 6 months ago by msamani.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    1 year, 6 months ago

    Hi @msamani, thank-you for getting in touch.

    Most types of lockouts generate an email alert so if you have alerts set up, you should be able to see more details about why a lockout occurred. The same details can be seen in red text on the Live Traffic page, which can be searched by IP or date range, or filtered by “Blocked” so it’s easier to find. Check the block reason by expanding the entry using the eye icon in the corner.

    If an IP is still blocked, you should be offered an “UNBLOCK IP” button in Live Traffic. If it’s returned to “BLOCK IP” (and you don’t see an IP on the blocking page any more) then the block has already been lifted.

    Certain Brute Force or Rate Limiting options could be too strict. For example, if most users are being blocked on login, we recommend not having Wordfence > All Options > Brute Force Protection > Immediately lock out invalid usernames checked as a simple typing error will result in a block. That might explain why it happens sporadically for certain users but not everybody is seeing it.

    Users will be blocked for the amount of time specified in “Amount of time a user is locked out” in the Brute Force settings or “How long is an IP address blocked when it breaks a rule” in the Rate Limiting settings depending on the rule that was broken.

    We generally recommend somewhere around 3-5 for login attempts and forgotten passwords in Wordfence > All Options > Brute Force Protection, counted over 4 hours, with a 30 minute lockout. 1 attempt is a bit too strict and open to erroneously blocking a legitimate user.

    You can dive into our documentation a little further here: https://www.wordfence.com/help/wordfence-free/

    Let us know how you get on,
    Peter.

    Thread Starter msamani

    (@msamani)

    1 year, 5 months ago

    @wfpeter the Live Traffic page is definitely helpful and provided the most information. This morning, we had another lockout and according to Live Traffic, it was due to 5 failed login attempts. I was able to unblock her account.

    The issue here though is that our company all uses 1Password to store all of our password and to act as our MFA. When we click to fill in our credentials, it then takes us to the next page and automatically fills in the MFA code. Half the time this will let us log in, and half the time it will fail. I have found that to get it to work somewhat consistently, I have to wait until there is less than 15 seconds left for that MFA code. If I do it if there is 25 seconds, then it often fails. I believe the root issue is that the MFA aspect from Wordfence is rejecting valid MFA codes more often than not, and then leading to lockouts due to failed login attempts.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Users Keep Getting Blocked from Website’ is closed to new replies.