Locked out!


#1

I’ve been using miniOrange two factor authorisation on my site for some time. I enter my username and password and get an e-mail with a link to click. Recently I decided to change the security (in iThemes I think) where I banned people using admin as the username. I’ve never used it myself and it seemed like a good idea. I’ve had no problems since I did this about three or four weeks ago.

Today I got an e-mail from iThemes (which is unusual for me) about lockouts - 32 users and 32 hosts. I wondered what this was about, so I’ve just tried to get into my site to check and I have a message saying I’ve been locked out due to too many invalid attempts. I put myself on some kind of “white list”. I think it uses our IP address so I’m never locked out. The only potential problem here is that when I mentioned it to my husband a few days ago, he said something about our IP address changing. We live in the middle of nowhere and lose our connection on a regular basis. I think he was implying every time we got a connection back, that our IP address changed. (He’s working a long way from home today, so I can’t check with him).

I’m not very technical at all. How do I get access to my site again?


#2

If you can log onto your ftp, you can try changing the name of the miniorange plugin’s folder in Wp-content > Plugins. This turns off the plugin. You can then change the name back and manually reactivate the plugin once youre logged into your backend.


#3

Thank you for that. I’ve found something from iThemes and I’m in my cPanel at the moment. This is the first time in nearly six years that I’ve been locked out and I don’t really understand why…


#4

That didn’t work. I can’t get in to the phpMyAdmin section :frowning:


#5

No you don’t need the phpMyAdmin. That is the database. What you’re looking for is a the File Manager.


#6

cPanel was the solution suggested by iThemes, but yes, I will start up Seagull now :slight_smile:


#7

Oh, alright, because you can also go to File Manager through cPanel, which is where my confusion came from.


#8

I tried your method and get the same warning message. Can I assume iThemes has locked me out for some reason?


#9

I dont know how to fix it beyond this, and it does seem like it is them that locked you out, so its a good idea to ask them.


#10

Cheers! I’ve sent them a help request :slight_smile:


#11

Good luck, hope you hear back from them soon :+1:


#12

I’ve got in using the same workaround as above, only on the iThemes plugin. Now I’m not sure where to go from here. I clearly can’t “white list” myself if our IP address keeps changing.


#13

Maybe turn off the part that was causing the problem? It might be a step back in security, but while a safe without a door might be more secure, it is also less useful.


#14

I’ve gone through everything and it seems as though there has been a massive rise in brute force attacks. My site doesn’t get many views and yet there have been 99 attempts in the past 24 hours - that’s a lot for me. Now I’m trying to figure out why the IP address I got on my desktop doesn’t match what I get on the internet. (Currently reading a very interesting article that I almost understand). Both numbers have been white listed now. The IP address on the internet also has our location about 600 miles from where we actually live… :slight_smile:


#15

99 hack attempts in 24 hours is not a brute force attack. Don’t let anyone scare you into thinking that it is.

This sounds more like a very simple attempt to login using one or more specific usernames. If that’s all it was, you don’t need extra “security” to deal with it. Just ensuring you don’t use those usernames already protects you.

This is what I hate about so many security plugins. They prey on the fear of their customers to sell their products, yet often provide little or no added security (but often added inconvenience).


#16

Oh… thank you for that. It’s just that I’ve had almost no attempts since I moved to WP.org about 18 months ago. Today it appears they are attempting at a rate of once every two or three minutes. The logs have gone crazy :smile:


#17

This is called a dynamic IP. If you have this, then the easiest thing to do if you are locked out is just reboot the modem. That will most likely pick up a new IP and then you should be good to go.

My ISP offers static IPs as standard, which is great because I can just add myself to a whitelist.

And don’t worry about increased login attempts. They come in waves. Don’t know what drives it. Maybe something to do with a full moon that gets people all excited about hacking.


#18

Perhaps the release of 1.0.0…

Exactly this. The Plugin Vulnerabilities Blog lays these tactics bare without mincing words. Fear, uncertainty, and doubt (FUD) are moneymakers, unfortunately.


#19

With thanks to everyone, it seems to have died down now. It wasn’t a good day yesterday. Not only was I locked out of my dashboard, but somehow Bing has taken over my new tabs, in spite of everything being set to Google. Hubby told me to use Malwarebytes, which shifted several hundred suspicious files (even though we use Sophos), but it then broke every browser. We’ve been without the internet since yesterday evening. I removed Malwarebytes this morning and everything is back, including Bing, but it seems as though I will have to live with that. Sigh… :rofl:


#20

Yikes, good luck. Maybe uninstall the browser and then reinstall it after you have turned malwarebytes on?