[Defender] Defender not locking out failed login attempts

We have a large multisite set up on our development environment, and activated Defender Pro for the network. The only thing we have activated and attempted to test at the moment is the "Login Protection" feature.

It tells us "Login protection is enabled. There are no lockouts logged yet."

We currently have it set up to have a Lockout Threshold of 3 failed logins within 200 seconds. We changed it from the default settings after those did not work.

We have a Lockout Time of 1800 seconds, and the default Lockout Message.

We even have Automatically banned usernames: admin, dev, administrator

None of these automatically banned usernames appear to be banned, and when testing usernames that have not been banned (by typing in their incorrect passwords), no lockout ever occurs. We have tested on multiple subsites, and we have tested with multiple users with multiple roles.

Are we missing a setting in order to make login protection for Defender Pro work?

Thank you.

  • Jayman Pandya
    • Recruit

    HI cbenson583,

    I was able to replicate this issue too.

    I have escalated this to our Development team. They will check and if it is possible, they will share a hot-fix with us for this. If a hot-fix is not possible, they will roll out a fix in the next update.

    Please bear with us as the response times of Development team is longer than the First Level Support.

    Thank you for your patience.

    Jayman

  • Jayman Pandya
    • Recruit

    Hi cbenson583,

    The Defender was updated yesterday, will you be able to update the Defender to its latest version?

    Once done, you can test it. If the problem still persists, would you be able to share Support Staff Access so that someone from development team can have a closer look at the problem?

    To enable support access you can follow this guide here: https://premium.wpmudev.org/docs/getting-started/getting-support/#chapter-5

    Please respond to this thread after you enable the support staff access as we do not get the notification of it.

    Thank you

    Jayman

  • cbenson583
    • Design Lord, Child of Thor

    The update seemed to correct the issue on our development environment, but the Defender plugin’s Login Protection is doing the same thing (not blocking users after more than the allotted failed logins) on our Staging Environment.

    If I create a super user account for your team to investigate this on our Staging Environment, where can I safely post or send the login information?

    Thank you.

  • Jayman Pandya
    • Recruit

    Hi cbenson583,

    I see that the Staff Support Access has expired. Would you mind re-enabling it so that our development team can look into the issue and assist you further?

    Please respond to this thread after you enable the support staff access as we do not get the notification of it.

    Thank you

    Jayman

  • Jayman Pandya
    • Recruit

    Hi cbenson583,

    Something is blocking the Staff Support Access. Will you be able to share the login credentials using our contact form?

    It will be sent across privately. Use the following link (https://premium.wpmudev.org/contact/#i-have-a-different-question) and send the details using the message box in the form in following format: 

    Subject: “Attn: Jayman Pandya”

    -cPanel login url

    -cPanel username

    -cPanel password

    -WordPress admin username

    -WordPress admin password

    -login url

    -link back to this thread for reference

    -any other relevant urls

    Thank you for your patience. I look forward to hear from you.

    Jayman

  • Predrag Dubajic
    • Support

    Hi Chris,

    Thanks for sending those is, we have been testing your network and it seems that the lockout is working fine.

    I didn’t see any locked usernames in your settings so I added “admin” in there and I was locked out after the first try, after that I tested subsite with random login details and after 3 tries I was properly locked out as you can see in your logs as well.

    I see that you were using Defender 1.9.1 when this ticket was started and since then it has been updated to 2.0 and perhaps that’s what fixed the issue you were experiencing?

    Could you test the lockout yourself again and let us know if it’s working now?

    Or if we’re missing some specific steps from our tests please let us know.

    Best regards,

    Predrag

  • Predrag Dubajic
    • Support

    Hi Chris,

    We didn’t make any changes on your site, we started by testing it on multiple devices and browsers but couldn’t replicate the issue anywhere so there was no need to make any changes.

    I believe that updating Defender 2.0 sorted this out for you, but if you do encounter it again do let us know which browser and OS you are able to replicate it on, and if there are any specific steps we could follow to see the issue.

    Best regards,

    Predrag

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.