I am getting a 404 lockout

I have been locked out of my own website by defender, I received the following email - We've just locked out the host 192.143.68.126 from https://www.pro***.com due to more than 10 404 requests for the file /wp-content/plugins/wordpress-chat/wpmudev-chat-ajax.php. They have been locked out for 300 seconds.

In the admin dashboard it shows:

https://static.livechatinc.com/8801096/P4EAKIIMQ0/ca9e0698e0aa2c71b7b3afe3ed8aaeaa/Capture1.JPG

However, the file exists in the server:

https://static.livechatinc.com/8801096/P4EAKIIMQ0/509a6ba2c7c5f3f85480d8cd09994e9f/Capturehg.JPG

Is there a reason why this happened in the first place? And how can I avoid this in the future?

  • Kasia Swiderska

    Hello Zohar,

    This is very probably caused by bug in WordPress Chat plugin where wpmudev-chat-ajax.php is throwing 403 error - that can be seen on browser console (that bug is reported to developers). In this case you would need to switch to WordPress Ajax from Plugin in Chats Common Settings:

    That should get rid of the error in console until our developers will fix the issue with Chats and should also prevent Defender from lockouts.

    kind regards,
    Kasia

  • Zohar

    Hi Kasia,

    Thank you for the response.

    I really hope that this is sorted out soon. My fear surrounding this issue lies in the fact that I may be losing clients simply because they are being locked out for no reason. I was locked out of two of my business websites while I was not logged into WordPress - which is what led me to believe that clients' could have experienced the same issue.

    I also feel that the "HUB" should have a feature that allows us to whitelist IP's directly which will remove the need to contact support or live chat and have to (sometimes) wait a fair amount of time before receiving support - on the day that this happened, I was in the middle of updating many pages and blog posts and this negatively impacted my work time frame.

    How will I know once the developers have sorted out this issue?

    Regards,
    Zohar

  • Kasia Swiderska

    Hello Zohar,

    I'm afraid I'm not able to provide any ETA when the issue with Chat plugin will be fixed. For now it Chat plugin has to be switch to WordPress Ajax to avoid throwing those errors, so Defender will not do the lockout.

    If there will be a hot fix for this issue we will post in the thread - if fix will be released with new plugin version there will be prompt to update in WordPress admin, so make sure plugin is always in latest version.

    I also feel that the "HUB" should have a feature that allows us to whitelist IP's directly

    I will pass your suggestion to project manager. In emergency cases you can use one of those codes

    add_filter( 'ip_lockout_default_whitelist_ip', function ( $ips ) {
        if ( current_user_can( 'manage_options' ) ) {
            $ips[] = WD_Utils::get_user_ip();
        }
        return $ips;
    } );

    or

    // Use if member is locked out by Defender
    add_filter( 'ip_lockout_default_whitelist_ip', function ( $ips ) {
        $ip    = 'YOUR IP HERE';
        $ips[] = $ip;
    
        return $ips;
    } );

    added as Must Use plugin https://premium.wpmudev.org/manuals/wpmu-manual-2/using-mu-plugins/

    kind regards,
    Kasia

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.