How to fix iThemes Security lockouts
If you have a Wordpress website, you might have come across iThemes Security, which is a plugin to secure and protect your site.
One of its features is security lockouts, so if it suspects someone dodgy is trying to get into your admin area, it will block their IP address from accessing the login screen.
Most of the time this is useful, until you find it's locking innocent users out.
If this happens, you can usually release lockouts from the iThemes dashboard, the iThemes documentation has all the info.
iThemes is locking everyone out
This is a bigger problem, and we’ve run into a few times on clients’ websites. Whenever anyone tries to log into their account – both customers and administrators – they hit the lockout screen.
If iThemes is locking all users out of your website, and none of the lockout releases in the documentation are working, the next thing to check is your cache plugin.
iThemes uses a command “DONOTCACHEPAGE” to tell cache plugins not to save the lockout screen, however not all cache plugins honour this.
So as soon as someone is locked out of the login screen and sees the lockout page, the cache thinks it's a new page and saves it. Now everyone will see the lockout page and because nobody can get past it, the cache never knows that it needs to update.
WP Fastest Cache is the main offender in our experience – and it took a lot of head scratching and Googling to work this out!
The simple solution is just to use a different cache plugin. We’re big fans of WP Rocket because it’s dead easy to configure, well documented, plays well with most major plugins, and just works!
Get the latest digital insights straight to your inbox
By submitting this form you consent to Bigfork Limited sending you marketing emails. You can opt out at any time, see our privacy statement for full details.