Multisite Privacy "Failed Login attempt" issue

Hey Guys

I came across an issue recently that I didn't bring up at the time but I do hope it can be solved so here it is.

When using the great multisite privacy plugin (love it) it conflicts with any brute force attack plugin I have found. Strange as it may sound, what happens is any time someone visits a "Private" site on the network it registers as a "Failed login attempt"

If the blog is visited enough times in a short matter of time, the IP and user is blocked (happened to me!) Also, I was using a plugin that logged all failed attempts and this is how I found out this is what it was really doing

The log was filled with failed login attempts from me just simply visiting private blogs on the network. Any way around this by chance? Thanks!

  • Jack Kitterhing
    • Code Norris

    Hi there Mike (@ThinkTaiwan)

    I hope you are well today.

    I've never come across this issue before, so basically if a sub site is private and you have any sort of login lockdown it registers as a failed login attempt.

    Does this happen say if you visit wp-login.php of the site in question and login first? Which plugin are you using to stop the logins etc? Just so I can test this out myself and see if there's a way around this.

    Thanks for being a WPMU DEV member!

    Kind Regards
    Jack.

  • Mike Price
    • The Incredible Code Injector

    Hey there

    I am no longer using the plugin but I believe it was "Limit Login Attempts" also you can check by using the Log plugin which was http://wordpress.org/extend/plugins/simple-multisite-login-log/

    You will see when privacy is turned on for a subsite each visit you do will result in the log as a failed login attempt. I kinda think its the nature of the plugin and might not be any easy way around it.

    Any attempt to the blog even when it asks for the password was showing as a failed login attempt from what I recall. Thanks for looking into it :slight_smile:

  • Jack Kitterhing
    • Code Norris

    Hi there Mike, (@ThinkTaiwan)

    I hope you are well today, sorry for the delay on this.

    I've been testing this and can't replicate the same issue, I've used limit login attempts, the log plugin as well, and then I've visited my testing site and it isn't logged (this is with multisite privacy enabled), which setting on multisite privacy did you have enabled?

    Thank you for being a WPMU DEV member and sorry again for the delay.

    Kind Regards
    Jack.

  • Mike Price
    • The Incredible Code Injector

    Hm that is really strange. the only thing I can think of is a plugin conflict on my end. However, I have since removed the login limit and log plugin because of it so I honestly dont remember all the setting combinations I had going.

    As far as multisite privacy settings I had the option at signup for user to choose and by default any visitor could visit a site.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.