Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
686
Views
0
Helpful
3
Replies

I get "spamming has been blocked" when trying to login to wp-admin

mark_P
Level 1
Level 1

‎04-19-2023 02:35 PM

I just started getting this message “Spamming has been blocked” when trying to login into wp-admin (my wp-admin is a different name for security reasons but I have always had it named differently, shouldn’t affect anything).

I was able to successfully login last night at 9:16 PM, but today I am unable to login to wp-admin, unless I disable Duo by renaming the Dua plugin directory.
I have temporarily disabled Duo by renaming the plugin directory so I can log in.
I have tried clearing my cache on both my browser and the web site.
When checking the Duo dashboard reports, the report does not even show a failed authentication.
I am at a loss of what else to check.
2X_2_24d5786dbcfe4d88ab5cc08854e49a2ebe306660.png

0 Helpful
3 Replies 3

DuoKristina
Cisco Employee
Cisco Employee

‎04-24-2023 02:48 PM

That’s interesting. The message shown isn’t part of the Duo WordPress plugin. Might you have another WP plugin for spam that is misidentifying Duo? We already know of a few WP plugins that don’t play well with the Duo plugin.

Do you have access to your WP site’s logs to see more details about what triggers that message?

Duo, not DUO.
0 Helpful

mark_P
Level 1
Level 1
In response to DuoKristina

‎04-24-2023 03:14 PM

Hi there,

Interesting hypothesis.

I use the following security related plugins:

Wordfence Security

WP Armour - Honeypot Anti-spam

I just tried disabling WP Armour, and sure enough, that is the software causing the problem.

Without that software running, our support email gets bombed by spammers. If I can’t get DUO and WP Armour to cooperate, I will have to replace one of them.

Looking at the error logs, I am seeing the following error:

[24-April–2023 04:00:10 UTC] Duo cookie with name: duo_secure_wordpress_auth_cookie not found. Start two factor authentication. SSL: 1

Mark

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee
In response to mark_P

‎04-25-2023 06:05 AM

I wonder if the WP Armour plugin is trying to treat Duo as a form it should modify and can’t, so then failing the spam check? Maybe there is a configuration option to prevent it from running on specific pages/forms, and you can then exclude it from the Duo prompt page?

The log line you quotes is just saying no existing cookie from a valid Duo 2FA success was found so therefore start the 2FA process.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents