Home › Forums › BulletProof Security Free › Login Security – User account is locked
Tagged: Login Security
- This topic has 10 replies, 3 voices, and was last updated 5 years, 8 months ago by
Francesca.
-
AuthorPosts
-
Lois L Young
ParticipantHi everyone,
Hopefully someone can help! Totally locked out of WordPress site and unlock instruction do not work. Need help to get back into site. Even after the lock out period was over still could not log back in.
AITpro Admin
KeymasterUse FTP or your web host control panel file manager and rename the /bulletproof-security/ plugin folder to be able to login to your website. See this forum topic link for things you can do to prevent your user account from being locked repeatedly:
http://forum.ait-pro.com/forums/topic/user-account-locked/#post-12634https://forum.ait-pro.com/forums/topic/read-me-first-free/#bps-free-general-troubleshooting
If your are unable to login to your site due to an issue/problem with Login Security, rename the /bulletproof-security plugin folder to /_bulletproof-security, log back into your website, rename the /_bulletproof-security/ plugin folder to /bulletproof-security/ and correct the issue/problem.
ParticipantIf your are unable to login to your site due to an issue/problem with Login Security, rename the /bulletproof-security plugin folder to /_bulletproof-security, log back into your website, rename the /_bulletproof-security/ plugin folder to /bulletproof-security/ and correct the issue/problem.
I am currently using this however when I go to log in the user name and password screen just comes back. The site does not load. An email with a successful login is sent. Again the dashboard doesn’t load so although the plug in thinks the log in was successful it was not.
Any help would be greatly appreciated
KeymasterI don’t understand exactly what you are saying. It sounds like you are describing a completely different problem than not being able to login due to login due to a user account being locked out. What happens when you rename the /bulletproof-security/ plugin folder? Can you login? Does the WP Dashboard load? What exactly are you seeing? You can take a screenshot of your WP Dashboard and add the link in your forum reply.
Francesca
ParticipantHi, I’m new to this forum so apologies if I’m writing this in the wrong thread.
I’m getting emails that my account has been locked due to too many failed login attempts but I haven’t tried to login! (apart from after the first time when the time out ended so I could update my security and block the offending IP address).
I’m now concerned that spammers are targeting my site (why I’ll never know as it’s nothing special). Should I be concerned? I’ve blocked the IP addresses, downgraded my account to editor and created a new admin username and password but is there anything else I should do?
Thanks!
KeymasterSpamBots and HackerBots use something called “enumeration” to get your user account names from your website. They can check for the author id in your website pages Source Code and can now also check WP JSON Users to get all of your user account names for your website. 99% of all hacking and spamming is automated with SpamBots and HackerBots. It is very rare when a human being will actually attempt to hack or spam a website. You can use/add these additional BPS Bonus Custom Codes for your website: https://forum.ait-pro.com/forums/topic/wordpress-author-enumeration-bot-probe-protection-author-id-user-id/ and https://forum.ait-pro.com/forums/topic/wp-rest-api-block-json-requests-to-users-comments-routes/ to prevent Bots from getting all of your website user account names. Other things you can do: http://forum.ait-pro.com/forums/topic/user-account-locked/#post-12634
Spamming and hacking is automated and goes on all day > every day > all year > til the end of time… For example our websites get around 10,000+ Brute Force login attacks and other SpamBot and HackerBot automated attacks per day > every day… The popularity of a website only means how much more or less SpamBot and HackerBot attacks your website will have every day > all day > all year > every year…
ParticipantThanks for responding @AITpro Admin scary stuff!! I’ll take a look at the links you sent and hopefully I can action your recommendations (my technical WordPress knowledge is limited).
When I do get an email saying login locked, can I ignore it? …..Thanks
KeymasterYes, you can ignore the email alert sent when a User Account is locked, but it would be better to prevent User Accounts from being locked by SpamBots and HackerBots so you do not have to keep unlocking them all the time. 😉
If you create a new WordPress Administrator User Account and only use that new WP Admin User Account to login to your website (never use the WP Admin User Account to create a Post or Page or Comment on your website) then that User Account will never be locked and you can use it to unlock any User Accounts that were locked.
Since we are using BPS Pro JTC Anti-Spam|Anti-Hacker on this forum site it does not matter that all User Account names are exposed to Bots. JTC blocks 100% of all automated SpamBot and HackerBot auto-registrations, auto-logins, auto-posting and auto-commenting. If you are looking for a free alternative then install a free WordPress CAPTCHA plugin.
ParticipantAITpro Admin Bless you!!! Fab, I will only use the username which keeps getting locked out to post new pages etc but the new account to make admin changes. I was concerned they were trying to steal my password but I’ve made some of the changes you recommended, the rest I can’t as without a ‘how to video’ I’m unsure of what to add/change.
Thanks again for your help, much appreciated! 🙂
KeymasterA general “how to” Custom Code video tutorial can be found here: https://forum.ait-pro.com/video-tutorials/#custom-code You would then use the simple and specific 1, 2, 3 steps listed on each Bonus Custom Code forum topic to add any custom code to BPS Custom Code.
ParticipantThank you!!
-
AuthorPosts
- You must be logged in to reply to this topic.