nellgwyn
Forum Replies Created
For User Login settings, we have these enabled:
-Enable Login Lockdown Feature
-Allow Unlock Requests (but this was added after the mass lockout incident)
-Max Login Attempts = 4
-Login Retry Time Period (min) = 3
-Time Length of Lockout (min) = 120 (at the time of the incident; now it’s 30)
-Display Generic Error Message
-Instantly Lockout Invalid Usernames
-Notify By Email
Thanks!
No, we do not have any Whitelist features enabled.
Thanks for your reply, and sorry for my delay.
All three people (the initial user, the website manager, and the IT guy) were using their own usernames – nobody was sharing login info. Sorry if that wasn’t clear before. Our confusion stemmed from this seemingly being a blanket lockout across the office’s range of IP addresses, which also extended across multiple usernames.
We actually do have several Brute Force options enabled – the site login page is renamed, we have a captcha on the login form, and we have the honeypot enabled.