Home › Forums › BulletProof Security Free › Cannot log in – unless going through GoDaddy account
- This topic has 1 reply, 2 voices, and was last updated 7 years, 1 month ago by
AITpro Admin.
-
AuthorPosts
-
Wm
ParticipantI am unable to log in directly to my WP-Admin now unless I log in through the GoDaddy Managed WordPress page. (My graphic designer can’t access at all, as I don’t give her access to all of my GoDaddy accounts.) I’m really not as stupid as I feel trying to troubleshoot this, but I can’t find a way to allow access to /wp-admin/login.php without having to go through the GoDaddy account panel.
Here is my latest security log entry:
[403 GET Request: March 25, 2017 - 9:07 am] BPS: .54.5 WP: 4.7.3 Event Code: BFHS - Blocked/Forbidden Hacker or Spammer Solution: N/A - Hacker/Spammer Blocked/Forbidden REMOTE_ADDR: my.home.ip.address Host Name: my.home.ip.address SERVER_PROTOCOL: HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: /wp-login.php?redirect_to=http%3A%2F%2Fmywebsite.com%2Fwp-admin%2F&reauth=1 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.4.8 (KHTML, like Gecko) Version/10.0.3 Safari/602.4.8
I do have my.home.ip.address entered in the .htaccess core file:
# CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION # Protect wp-login.php from Brute Force Login Attacks based on IP Address <FilesMatch "^(wp-login\.php)"> Order Allow,Deny # Add your Public IP Address using 2 or 3 octets...... Allow from my.home.ip.address </FilesMatch>
Could I have something wrong because of GoDaddy Managed WordPress hosting? What file/setting should I be looking at to allow me to log in to my website without going through the GoDaddy account?
Thanks,
WmAITpro Admin
KeymasterYep, most likely your IP based Brute force login code is causing the login problem. Typically a public IP address automatically changes every 3-10 days by your Internet Service Provider (ISP). So to be able to login to your site, you should delete your Root htaccess file, login and then probably delete the IP based Brute force login protection code in BPS Custom Code so this problem does not occur again. 😉 You can try and whitelist the first or second octet of your public IP address if you want to continue to use the IP based Brute force login code. See this forum topic for additional help info > https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
# Add your Public IP Address using 2 or 3 octets so that if/when
# your IP address changes it will still be in your subnet range. If you
# have a static IP address then use all 4 octets.
# Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1 -
AuthorPosts
- You must be logged in to reply to this topic.