fbpx

Premium Support Forum

ip_lockout_deny_imp...
 
Notifications
Clear all

ip_lockout_deny_impossible


damink
Posts: 5
Topic starter
(@damink)
Active Member
Joined: 8 months ago

I've had several ip_lockout_deny_impossible status notifications in my event log.  Some of the bots attempting to access end up on time outlock despite attempting to using locally blocked and non-existent login id's.  They keep trying to access anyway, every minute for hours for each wp_login and wp_xmlrpc, and then I get the ip_lockout_deny_impossible status.  What does this mean?  Thanks.

2 Replies
admin
Posts: 52
Admin
(@admin)
Member
Joined: 1 year ago

Hello,

The only way to stop hackers from making attempts completely is by placing an extra layer between your site and them. This can be done by spinning up and configuring a proxy server. Since this is not possible from within a WordPress plugin, the hackers can make the attempts without any limitation; HOWEVER, their attempts will always fail, thanks to the Limit Login Attempts Reloaded plugin. Although we can't stop the attempts, we make it so all of them are unsuccessful, keeping your site secure.

The ip_lockout_deny_impossible status might occur from time to time when attempts are frequent and you lock/unlock users manually at the same time. We will investigate this. Regardless of the reason behind this status, the corresponding attempt will always be denied.

Reply
damink
Posts: 5
Topic starter
(@damink)
Active Member
Joined: 8 months ago

Thanks, and good to know it will always be denied.  To help in your investigation, I have not been manually blocking at the same time.  These particular bot attacks resulting  ip_lockout_deny_impossible status usually happen 1am - 6am US, when I'm asleep.  I'll see if I can spin up a proxy server via Cloudflare, which they shouldn't be getting through anyway.  Please keep me updated as to what you find.

Reply