Hi, since a couple of months i have been getting this issue, probably since centos webpanel added new features or made excisting features more strict.
I use CWP pro on different servers variating from CentOS 7-8.
Whenever a user or admin for a wordpress website reauthenticate it's login or resets it's password the users ip address gets blocked with the following rule.
lfd: (WPLOGIN) WP Login Attack 123.123.123.123 (XX/Country/-): 5 in the last 3600 secs - ##Timestamp##
I tried raising the max allowed failed logins but all settings that used "5" in the config file don't affect the setting.
Changing the period of time to check from 3600 to 60 gives same result, changing it to 1 sec seems to solve the false positives but also makes the solution worthless..
So how can i raise the max failed login's for wordpress sites in CSF/LFD so these false positives will stop blocking real customers.....
If this isn't an option i allrdy have a superb block/allow list which basicly makes this whole wordpress LFD solution obsolete since the only thing it blocks now is real customers.
I rather keep this part of CSF/LFD runnning correctly as intended with let's say a higher number then "5" instead of turning it off completely.
Thanks in advance for your replies!