I’ve got a weird situation whereby I sometimes can’t log in as clicking on a link (or going directly) to /wp-login.php shows me a blank page with the words ‘Not Permitted’.
If I go to the /wp-login.php page directly from that ‘Not Permitted’ page, then I can log in using my details. If I try and log out again though, I reach that ‘Not Permitted’ page again and can’t log out.
That’s a bit long-winded, so I’ve created a video so you can see what I mean:
http://www.youtube.com/watch?v=BI3NTiGNgoE
Has anyone come across this before? This is the first time I’ve seen this type of error. I’ve seen the ‘are you sure you want to log out’ error message before, but not this one…
Thanks
Osu
I made an answer out of this now to give a more detailed write-up to your question.
As the botnet is so large and the attack is happening with so many IPs (some providers say they have seen >90.000 different addresses), it makes no sense anymore to start blocking single IPs (using plugins like Limit Login Attempts, or fail2ban on the server side) like we did in the past.
Your hosting company is quite right. Your page may be under attack, like almost all other WordPress installations at the moment. But they implemented a solution that’s actually preventing you from working with your WordPress install.
The only REAL solution at the moment is to have a strong password that cannot be brute-forced (optionally don’t even have a username admin). If you really have a safe password you can tell your provider to disable that limitation without any worries.
Also, following a long discussion on the wp-hackers mailing list, Sam Hotchkiss actually came up with a plugin called BruteProtect you could additionally use. This plugin logs all failed logins from any WordPress install this plugin is installed on and blocks any IP that has too many failed attempts.
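The point made in the answer above about per-IP blocking, shown as an added example that is not part of the original posts: a log check that compares a per-address lockout with a site-wide rate of login POSTs. The log lines, addresses, date and both thresholds are constructed assumptions for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Combined-log-format prefix: client IP, timestamp, request line, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def login_posts(lines):
    """Yield (ip, minute) for every POST to /wp-login.php."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, _status = m.groups()
        if method == "POST" and path.split("?", 1)[0] == "/wp-login.php":
            t = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, t.replace(second=0)

def analyse(lines, per_ip_limit=5, site_limit=30):
    """Compare a per-IP lockout with a site-wide per-minute rate check.

    Both limits are assumed values, not recommendations from the thread.
    """
    per_ip, per_minute, ips_per_minute = Counter(), Counter(), {}
    for ip, minute in login_posts(lines):
        per_ip[ip] += 1
        per_minute[minute] += 1
        ips_per_minute.setdefault(minute, set()).add(ip)
    blocked = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    alerts = {m: (n, len(ips_per_minute[m]))
              for m, n in per_minute.items() if n > site_limit}
    return blocked, alerts

def sample_log():
    """Constructed sample: 40 documentation-range addresses, 2 attempts each."""
    lines = []
    for i in range(40):
        for j in range(2):
            lines.append(f'203.0.113.{i + 1} - - [01/Jan/2024:10:15:{(i + j) % 60:02d} +0000] '
                         '"POST /wp-login.php HTTP/1.1" 200 3500')
    # An ordinary view of the login form, which must not be counted.
    lines.append('198.51.100.7 - - [01/Jan/2024:10:15:30 +0000] '
                 '"GET /wp-login.php HTTP/1.1" 200 2100')
    return lines

if __name__ == "__main__":
    blocked, alerts = analyse(sample_log())
    print("blocked by per-IP limit:", blocked)
    for minute, (posts, sources) in alerts.items():
        print(minute.isoformat(), posts, "login POSTs from", sources, "addresses")
```

On the constructed sample no single address crosses the per-IP limit, while the site-wide count for the same minute does, which is why the per-IP approach stops helping once the attempts are spread over many sources.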