Why does the Better WP Security plugin return 418 I’m a Teapot “error”?

I am working on the WordPress website and all of a sudden after deploying it on the server, I started seeing a problem where some of the pages on my website return 418 I'm a Teapot as Response status and error as content.

After going through a few posts on the HTCPCP protocol and blogs on the same problem, I figured that it has something to do with the Better WP Security plugin, which I recently installed on my WordPress site. I also found the following code in the inc/secure.php file under the plugin code, which is responsible for returning that response.

$bwpsmemlimit = (int) ini_get( 'memory_limit' );

// if they're locked out or banned, die
if ( ( $bwpsoptions['id_enabled'] == 1 || $bwpsoptions['ll_enabled'] == 1 ) &&
     $this->checklock( $current_user->user_login ) ) {

    wp_clear_auth_cookie();
    @header( 'HTTP/1.0 418 I\'m a teapot' );
    @header( 'Cache-Control: no-cache, must-revalidate' );
    @header( 'Expires: Thu, 22 Jun 1978 00:28:00 GMT' );
    die( __( 'error', $this->hook ) );

}

But as I am new to WordPress and PHP, I am not able to figure out what exactly is going wrong there. I also checked the solution to the problem given here, which says “It is mainly because of ftp transfer to server from local network”, but I doubt it's the case here, as I can see that the problem persists even when we access the website from different network IPs, which were not used in the website deployment process.

One temporary solution that I found for the problem was to delete the lockout entries for your IP address from the WordPress database table <wp-prefix>_bwps_lockouts (e.g. wp_bwps_lockouts). Using this table, the Better WP Security plugin locks the user IP for some duration (typically 15 mins).

It would be very helpful to get an idea of why the Better WP Security plugin does this, so that we can take the necessary steps to prevent this in future.


1 comment

  1. That is the response it gives when you have the “Intrusion Detection” or the “Login Limits” features enabled, and the plugin has intentionally blocked you. It can block you by either username or by IP address.

    The plugin can be configured to email somebody when a lockout occurs with the reason for that lockout. I suggest that you use this feature to determine the issue.

    However, if you want it to stop, then you will need to reconfigure the plugin to, basically, not do that.
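
To see which client addresses received the 418 lockout response and what they requested just before the first one, the web server's access log can be summarised. This is an added example, not part of the original question or answer and not the plugin's code; it assumes Apache/nginx "combined" format logs, and the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in Apache/nginx "combined" log format (not taken from the page).
SAMPLE_LOG = """\
198.51.100.23 - - [04/Mar/2014:09:58:10 +0000] "GET /old-page HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Mar/2014:09:58:11 +0000] "GET /missing.css HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Mar/2014:09:58:12 +0000] "GET /about HTTP/1.1" 418 5 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Mar/2014:10:05:40 +0000] "GET / HTTP/1.1" 418 5 "-" "Mozilla/5.0"
203.0.113.9 - - [04/Mar/2014:10:06:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
203.0.113.9 - - [04/Mar/2014:10:06:05 +0000] "GET /wp-admin/ HTTP/1.1" 418 5 "-" "Mozilla/5.0"
192.0.2.4 - - [04/Mar/2014:10:07:00 +0000] "GET / HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse(log_text):
    """Yield (ip, timestamp, method, path, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["method"], m["path"], int(m["status"])

def lockout_report(log_text, lockout_status=418):
    """Per client IP that received the lockout status: how many such responses,
    when they started and ended, and what the client requested beforehand."""
    by_ip = defaultdict(list)
    for ip, ts, method, path, status in parse(log_text):
        by_ip[ip].append((ts, method, path, status))
    report = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        blocked = [e for e in events if e[3] == lockout_status]
        if not blocked:
            continue  # this address was never locked out
        first = blocked[0][0]
        before = [e for e in events if e[0] < first]
        report[ip] = {
            "blocked": len(blocked),
            "first": first,
            "last": blocked[-1][0],
            "before": Counter((m, s) for _, m, _, s in before),
        }
    return report
```

Calling `lockout_report()` on the real access log text returns one entry per locked-out address; the `before` tally of (method, status) pairs can be read alongside the plugin's lockout e-mail mentioned in the comment above.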
