After IP change Defender locks me out

I set very strict lockout rules on my multisite due to constant login/404 attacks: ban permanently after 2 login attempts. Today my ISP had to change my browsing IP and now Defender locked me out, although I had not even logged into the backend. I have now disabled Defender by FTP, and at least I can log in as admin again, but as soon as I enable Defender, I get locked out.

I have another website that locks me out and I had to disable Defender, but I can't enable it again without getting locked out.

How can I rectify this? Is there a way to add the new IP directly into the database?

I have granted support access to my site.

  • Luís

    Hi Chris,

    Hope you're doing well today!

    Sad to hear about the problems you are having. From what I checked in my install, go to the "options" table and search the "option_name" column for "wd_lockdown_settings".

    Then, you should be able to find and change the IP in the "option_value" column:

    I hope this information has been helpful. If I can help you in this or other questions, please let me know!

    Cheers, Luís

  • Chris

    Thanks Luis, that helped! However - maybe because I am running a multisite - the string wd_lockdown_settings was inside the wp_sitemeta (and not wp_options) table. I first copied all IPs (I found 3812 there!!) from the blacklist to Excel, searched for and deleted my banned IP and then added it again to the db. Then, I also added my new IP to the whitelist section of the db. When I enabled Defender again I found that both login and 404 lockdowns were disabled, so had to enable both first and reapply the settings (it may be a good idea to advise users that this happens after disabling the plugin or else they may think the plugin is 'on guard' yet it isn't).

    So, I now have 2 issues:

    1. After enabling the lockouts again, none of the blacklisted IPs appeared in the Blacklist in the Defender interface. I now wonder whether the blacklisted IPs from the database are still actively blacklisted, or not?? Same happens with the Whitelist.

    2. I also wonder whether 3000+ IPs in the database will significantly slow down my site?

  • Luís

    Hi Chris,

    Firstly, I would like to apologize, I was inattentive and gave a suggestion based on a regular WordPress installation instead of a Multisite. You are right, in WordPress Multisite, the "lockdown settings" are saved in the "sitemeta" table instead of the "options" table.

    Then, I also added my new IP to the whitelist section of the db. When I enabled Defender again I found that both login and 404 lockdowns were disabled, so had to enable both first and reapply the settings (it may be a good idea to advise users that this happens after disabling the plugin or else they may think the plugin is 'on guard' yet it isn't).

    I would like to apologize for this issue too, but actually, it's not an issue from Defender but was a result of my suggestion. You can disable Defender and enable it again, and it should keep the Login and 404 lockdown features enabled.

    From what I tested in my install, this issue is a result of my suggestion. Just before the array with the "blocked IPs" you have a text with a special format that represents the string in a serialized form, with the length of the string (i.e. -> a:13).

    In my case, as I only have two IPs in my database, I have something like:

    "ip_blacklist";s:26:"33.11.165.51
    33.11.165.52"

    So, the "s:26" represents the length/quantity of chars in the string. So, if we want to remove one of the IPs we will need to update this too:

    "ip_blacklist";s:12:"33.11.165.51"

    Otherwise, this will mess with the settings and remove all the chars inside of the string. So, again I would like to apologize about this bad information and the consequences it had.

    Unfortunately, I think we will not be able to recover the blocked IPs, unless you have a backup of your website or saved that list in Excel.

    Regarding your second question, I think the impact should not be significant. However, I pinged the developer to get his valuable feedback. I will update this topic once I get a reply.

    Cheers, Luís
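The length-prefix problem described in the reply above, as an added example that is not part of the original thread: instead of editing the `option_value` text by hand, unserialize it, change the list, and let `serialize()` recompute the `s:N:` prefix. The one-key settings array is a constructed sample; only the `ip_blacklist` key and the two addresses come from the thread, and the function name is hypothetical.

```php
<?php
/**
 * Remove one IP from the newline-separated ip_blacklist inside a serialized
 * settings string and return a correctly re-serialized value.
 */
function remove_ip_from_serialized(string $serialized, string $ip): string
{
    // allowed_classes => false: never instantiate objects from database content.
    $settings = unserialize($serialized, ['allowed_classes' => false]);
    if (!is_array($settings) || !isset($settings['ip_blacklist'])) {
        throw new RuntimeException('Not a serialized settings array; refusing to modify it.');
    }

    // Split on any line ending (\r\n or \n), trim whitespace, drop blank lines.
    $ips = preg_split('/\R/', (string) $settings['ip_blacklist']);
    $ips = array_filter(array_map('trim', $ips), 'strlen');

    // Keep every entry except the one being unblocked.
    $ips = array_values(array_diff($ips, [$ip]));
    $settings['ip_blacklist'] = implode("\n", $ips);

    // serialize() writes a fresh byte-length prefix for every string.
    return serialize($settings);
}

// Constructed sample: a real wd_lockdown_settings value holds many more keys.
$before = serialize(['ip_blacklist' => "33.11.165.51\r\n33.11.165.52"]);
$after  = remove_ip_from_serialized($before, '33.11.165.52');

echo "before: ", $before, PHP_EOL;
echo "after:  ", $after, PHP_EOL;

// A hand edit that shortens the string but keeps the old s:26 prefix:
// unserialize() rejects the whole value, so every setting in it is lost.
$hand_edited = 'a:1:{s:12:"ip_blacklist";s:26:"33.11.165.51";}';
$parsed = @unserialize($hand_edited, ['allowed_classes' => false]);
echo "hand-edited value parses: ", ($parsed === false ? 'no' : 'yes'), PHP_EOL;
```

On a live multisite the same round trip is done by WordPress itself through `get_site_option()` and `update_site_option()`, so the raw row never has to be touched. Back up the row before changing it either way.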

  • Chris

    That was indeed important information which was missing. However, no harm done since I still had my Excel list so I just copied those IPs and added them in the Defender admin panel.

    I also now found two identical records of wd_lockdown_settings in my database. Neither of them contained the original list of black and whitelisted IPs, so I just deleted one of them.

    All seems well now. Would appreciate the developer's reply regarding the impact of thousands of IPs on site load.

    Thanks for now.

  • Luís

    Hi Chris,

    Hope you're doing well today!

    I already got feedback from the developer. Firstly, the blocked IPs list in the database will not slow down the website, it's saved as text, so having 3000 or 30k blocked IPs does not make much difference.

    Also, he informed me that there is a better way to handle the case when the admin user is blocked, like the issue you have. We have a little snippet of code that you can use as a mu-plugin.

    add_filter( 'ip_lockout_default_whitelist_ip', function ( $ips ) {
        if ( current_user_can( 'manage_options' ) ) {
            $ips[] = WD_Utils::get_user_ip();
        }
    
        return $ips;
    } );

    This code allows you to re-access the website to remove your IP from the IP blacklist. After removing the IP, you should delete the mu-plugin.

    I hope this information has been helpful. If I can help you in this or other questions, please let me know!

    Cheers, Luís

  • Hamid

    Hi Chris

    Regarding mu plugins.

    You need to create a directory: /wp-content/mu-plugins/

    Next, create a PHP file. You can name it anything you want, e.g. "admin_unblock.php". The full path would look like: /wp-content/mu-plugins/admin_unblock.php.

    Make sure you start the contents of the file with a <?php

    Now add your code, save your file and upload.

    That’s it! Really!

    cheers

    Hamid

  • Luís

    Hi Chris,

    Hope you're doing well today!

    Sorry for the lack of information and thanks Hamid for providing the useful information.

    Also, we have a cool article on your documentation section about the mu-plugins, that I think may interest you:

    https://premium.wpmudev.org/manuals/wpmu-manual-2/using-mu-plugins/

    This snippet of code will automatically whitelist the users, so, if you were blocked, you will need to:

    1) Using FTP access, upload the mu-plugin to "/wp-content/mu-plugins/";

    2) Log in to your admin panel and remove your IP from the IP blacklist;

    3) After that, delete the mu-plugin from "/wp-content/mu-plugins/";

    I hope this information has been helpful. If I can help you in this or other questions, please let me know!

    Cheers, Luís

  • Chris

    ...only it doesn't work! I just installed Hamid's script in wp-content/mu-plugins in one of my sites but I remained blocked! Only disabling Defender by FTP allowed me to log in. But now I can't use Defender because - even if I have Hamid's script enabled - I cannot access the Defender settings from the admin panel and remove my IP.

    Can anybody replicate this or have I done something wrong (I had copied the script from here, added the '<?php', created the folder 'mu-plugins' and renamed the script to defenderunblockip.php)?