Oct 23 2014

What is this “Site lockout notification”???

We get LOTS of emails from clients asking about site lockout notification emails they...

Oct 23 2014 By: admin-luv Close

What is this “Site lockout notification”???

iThemes Security plugin site lockout notificationWe get LOTS of emails from clients asking about site lockout notification emails they receive from the iThemes Security plugin we set up for them (formerly known as Better WP Security). The email goes something like this:

Dear Site Admin,

A host, 123.456.789.000, has been locked out of the WordPress site at http://yourdomain.com due to too many attempts to access a file that does not exist.

The host has been locked out until 2013-9-10 16:42:26 .

*This email was generated automatically by iThemes Security. To change your email preferences please visit the plugin settings.

What is it saying?

In plain-speak, this email is telling you your iThemes Security plugin detected some suspicious activity by a person (or computer) visiting your website, AND it has blocked that specific IP from visiting your site, temporarily. This security measure is intended to lock out people or computers that are searching for weaknesses in your site that they can manipulate to inject malicious code or otherwise hijack your website and wreak havoc.

Sound scary? At first a site lockout notification can seem scary, but that’s what this wonderful plugin is for!

What you can do with the site lockout notification

Here is what we do:

First, click the IP link. Clicking the IP link takes you to ip-address.com where you can get some basic information on the IP. This is the most obvious way to tell is some activity is suspicious. Most suspicious/malicious activity seems to be in far-off places like China, Ukraine, etc. Since we do not do business in those countries, we immediately put the IP in our black list (in the iThemes Security settings).

Next, do some recon. If the IP is not in a strange area (and sometimes even if it is), or if you do business in multiple countries you will want to do some deeper investigation. We use whatismyipaddress.com because it is updated with current information by other users. By reading others’ comments you may find some details that will help you determine whether the IP in question is really malicious or not. P.S. If you know of a better resource than whatismyipaddress.com, let us know in the comments below!)

Block or not-block. One you feel like you have enough information and decide the IP is malicious or at least suspicious, add the IP to the black list in the plugin settings. We take the IP down a notch or two because one malicious user can have several related IP’s. If the IP address was 123.456.789.000 we enter it as 123.456.*.* on the black list. No, this is not a foolproof solution either, but it saves you the trouble of getting pinged by the same hacker again and again.

What you should know

You can turn site lockout notification off. If you get annoyed with too many site lockout notifications you can choose blissful ignorance. Just edit the proper settings.

No automated system is foolproof. This plugin may lockout legitimate traffic on your site — including you! This means

  1. If you are going to be visiting or working on your site, be sure to ‘white list’ the IP address of your computer/ISP. (You find this by going to sites like whatismyipaddress.com then entering your IP in the plugin’s settings.)
  2. Edit your settings to your preference. We have found that the preset preferences are pretty good at locking out suspicious activity while sparing our normal visitors.
  3. Get used to the fact that some of your visitors may get locked out. It is a small price you will pay for ensuring the health and well-being of your website.

This plugin can lock out web crawlers like Google. You will want to white list web crawlers so they don’t get locked out. Web crawlers tend to hit a lot of non-existent files as they scan your site. Since this is somewhat similar behavior (very basically speaking) to spammers and hackers, the plugin can kick in, block the web crawler and send you a site lockout notification. Not good. Do very good research to make sure the IP is legitimately a web crawler, then add them to your white list.

Happy blogging!

Need more time to do what you love? Let us help! We help you with your web stuff so you can focus on doing what you're passionate about. We even help with little things like monitoring your plugins like iThemes Security and site lockout notifications so you don't have to. Contact us to find out how we can make your life easier, and your business more successful.
View Full Post 0 Comments