WordPress CMS is well known for easy SEO also famous easy security customization but making stable secure unlike other CMS still bit tough. If you optimized well with plugin like all in one wp security its enough to ensure your wordpress site is secure. We may come up with complete guide wordpress security in next post with all in one wp security.
Here this is the one of the problem where beginners struggle while configuring all in one wp security settings. Enabling brute force firewall protection in wordpress there may be chance without knowing your site login path changed you may tried with another login path which native path same /wp-admin or customized login path.
By first time trying with same IP, this plugin will automatically lock your login path and navigates you redirect URL http://127.0.0.1. Its tough to resolve when your wordpress login locked for force login attempts. Here in this stage you cannot login to your wordpress site and there is no way to revert settings to do. Use below methods helps to resolve this error.
What is brute force firewall protection?
A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination.
Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your server’s memory and performance.
The features in this tab will stop the majority of Brute Force Login Attacks at the .htaccess level thus providing even better protection for your WP login page and also reducing the load on your server because the system does not have to run PHP code to process the login attempts. [Reference : Plugin Info]
How To Set Up and What Things To Note?
Below screenshot help you configure this brute force firewall protection feature. Check all marked below. Use secret word that cannot be judged by others, please do not use your nick name or other thats easy to guess.
With help of redirect URL you can redirect hackers to other servers, its good practices that you are not forcing hacker navigating your site that takes load on your site instead you are navigating hacker to http://127.0.0.1 it takes burden on their local server.
Before saving settings do not forget to take backup .htaccess file, don’t worry if you doesn’t before I will tell another way to wipe out
When This Lock will happen?
If you give secret word or saving these default settings you will be given new login URL and don’t forget that new login path. In this way you forget that login path or accidently went URL /wp-admin this plugin automatically detect your IP forcing navigation to above redirect IP http://127.0.0.1. Then lock will happen on your IP.
How To Resolve this WordPress login path lockout?
1. Hope you are of this login path lock happen behalf of configuring AIOWPS not with another plugin. Then this is the time to revert changes done by all in one security plugin.
2. You can disable all in one wp security by changing(renaming) /wp-content/plugins/all-in-one-wp-security-and-firewall into /wp-content/plugins/all-in-one-wp-security-and-firewall.deactivate. But hope you need all in one wants to run on your wordpress site since its other features are tremendous, so skip this step if you wants to run your site with AIOWPS.
3. Go To public folder if you are using cpanel enable show hidden files when you navigate to file manager. Then select .htaccess to download before you do changes on this file.
4. After you download .htaccess click on edit this file from cpanel, then remove following in between lines.
# BEGIN All In One WP Security ... ..
# END All In One WP Security Remove above lines in between these including these lines then save file. 5. For FTP < Upload the edited /htaccess file to the server FTP and overwrite the existing file. 6. Now Try to login your site with default login path /wp-admin. Backup your wp files are important when you break files or server breakdown happens. We will come up with complete guide how to do back up with several plugin creatively. Hope your wordpress login page never locked again. :)