Access to Wordpress site blocked; solution page didn't work

Category: Wordpress

peachflambee
Asked:
2013-04-20 9:14 pm EST

Hits: 465
Hi,

Thanks to the recent rash of hacking attempts, we lost access to the Wordpress dashboard for aspiringmama.com. I attempted the recommended "Dynamic IP address access, limit by referer" solution given on this Inmotion Hosting page: http://www.inmotionhosting.com/support/edu/wordpress/lock-down-wordpress-admin-login-with-htaccess

... with no success. Still blocked.

Any advice or ideas?

You must login before you can ask a follow up question.

You must login before you can submit an answer.

This does not work for this site. I have made that ABUNDANTLY CLEAR.

Go ahead, try it.

I have asked Inmotion to look into it. Throwing the same failed solution back at me is not fixing the problem.
peachflambee
8 Points
2013-04-22 06:11 pm EST
At the risk of repeating myself:

"* Look into the low-lowel reasons that Wordpress can't handle restricting by URI when a site URI is mapped to child URI (and this is a known problem whose solution is beyond the access of the user);:

Clearly I tried this solution. Why does it not work?
peachflambee
8 Points
2013-04-22 06:14 pm EST
Oh, and right from the original post:

"I attempted the recommended "Dynamic IP address access, limit by referer" solution given on this Inmotion Hosting page: http://www.inmotionhosting.com/support/edu/wordpress/lock-down-wordpress-admin-login-with-htaccess

... with no success. Still blocked. "
peachflambee
8 Points
2013-04-22 06:16 pm EST
I am very sorry for the trouble with the back and forth on this. When I commented earlier I was addressing your previous comment, I see now in your original question though you stated the "Referer" method does not work.

The article in question gave several different .htaccess solutions. When we checked your .htaccess file, we saw more than one solution in there, which may be why the referer method you tried didn't initially work. We cleaned up the .htaccess to only include the "referer" method. This referer solution should work for you as it is not tied to any specific IP address, as we know your client's IP address changes regularly.

While it does appear to work, we don't have your login credentials so we cannot test fully. Please test again, and let us know the outcome. In order for us to diagnose the URI issue you explained earlier, we will need to test it and review any errors that occurs. We're really sorry for all this trouble you're going through, and want to see you get back up and running with a viable solution.

James R
jamesr
5,889 Points
2013-04-23 10:19 am EST

OTHER ANSWERS

0

Arn
Staff
16,649 Points
2013-04-22 9:11 am EST
Hello Peachflabee,

Was looking at the account with your domain and it appears that live tech support answered your question. Were you still having the issue? Please let us know if the problem still persists. Do be aware that the security issues are there due to the attacks on the Wordpress logins. Working with no security on the login may lead to issues that will compromise the site. Check out these articles for the latest information on the issue:

Wordpress login Brute Force Attack info
Prevent WordPress Admin

If you have any further questions, please contact technical support available 24 hours a day / 7 days a week.

Regards,

Arnel C.
Community Support

You must login before you can post a comment about this answer.

The tech patched the problem by restricting logins to two fixed IP addresses. This is absolutely not workable for the site owner, for three reasons:
* She moves around a lot, as one would expect of a busy business owner;
* Her internet access will be changing shortly;
* She could well have dynamic IP allocation at home.

It was for these reasons that I didn't waste my time implementing fixed IP addresses as a "solution." It's not a solution; it's a kluge.

So, now we have four options:
* Continue to use fixed IP addresses and basically make her site inaccessible to her most of the time, hurting her business as a professional writer;
* Look into the low-lowel reasons that Wordpress can't handle restricting by URI when a site URI is mapped to child URI (and this is a known problem whose solution is beyond the access of the user);
* Remove the security filters in the .htaccess files and risk being hacked;
* Move the site away from Inmotion.

The first option isn't workable, Inmotion is aware of the second option and, to the best of my knowledge, has not acted on it, so we're left with the last two options. As Inmotion has noted, option three could well pull down or deface her site anyway. That leaves "Move the site."

It has been Inmotion's choice, not ours, to throw this back over the fence to me instead of looking into the deeper issue.
peachflambee
8 Points
2013-04-22 3:19 pm EST
Sorry for the trouble with the login. You do not have to use the IP you can block by referrer. Please see the following links on this.

Lock down WordPress admin login with .htaccess

Prevent unauthorized WordPress wp-admin and wp-login.php attempts

These methods will suit your needs better than adding IP addresses and will allow multiple IP's to access without you adding IP's.

Sorry for the trouble.

Best Regards,
James R
jamesr
5,889 Points
Staff
2013-04-22 3:43 pm EST
Like this Question?

Related Articles

It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!