Cannot log in – unless going through GoDaddy account

Home Forums BulletProof Security Free Cannot log in – unless going through GoDaddy account

This topic contains 1 reply, has 2 voices, and was last updated by  AITpro Admin 1 year ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #32799

    Wm
    Participant

    I am unable to log in directly to my WP-Admin now unless I log in through the GoDaddy Managed WordPress page. (My graphic designer can’t access at all, as I don’t give her access to all of my GoDaddy accounts.) I’m really not as stupid as I feel trying to troubleshoot this, but I can’t find a way to allow access to /wp-admin/login.php without having to go through the GoDaddy account panel.

    Here is my latest security log entry:

    [403 GET Request: March 25, 2017 - 9:07 am]
    BPS: .54.5
    WP: 4.7.3
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: my.home.ip.address
    Host Name: my.home.ip.address
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-login.php?redirect_to=http%3A%2F%2Fmywebsite.com%2Fwp-admin%2F&reauth=1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.4.8 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8
    

    I do have my.home.ip.address entered in the .htaccess core file:

    # CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION
    # Protect wp-login.php from Brute Force Login Attacks based on IP Address
    <FilesMatch "^(wp-login\.php)">
    Order Allow,Deny
    # Add your Public IP Address using 2 or 3 octets......
    Allow from my.home.ip.address
    </FilesMatch>
    

    Could I have something wrong because of GoDaddy Managed WordPress hosting? What file/setting should I be looking at to allow me to log in to my website without going through the GoDaddy account?

    Thanks,
    Wm

     

    #32800

    AITpro Admin
    Keymaster

    Yep, most likely your IP based Brute force login code is causing the login problem.  Typically a public IP address automatically changes every 3-10 days by your Internet Service Provider (ISP).  So to be able to login to your site, you should delete your Root htaccess file, login and then probably delete the IP based Brute force login protection code in BPS Custom Code so this problem does not occur again.  😉 You can try and whitelist the first or second octet of your public IP address if you want to continue to use the IP based Brute force login code.  See this forum topic for additional help info > https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/

    # Add your Public IP Address using 2 or 3 octets so that if/when
    # your IP address changes it will still be in your subnet range. If you
    # have a static IP address then use all 4 octets.
    # Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.