Thanks @nlpro. I forwarded this to my hosting company and they’ve checked a few more things. They still think it’s something to do with the IP address. Any idea how I can get iThemes Security to check the IP address is whitelisted?
The iTSec plugin has 2 (IP) whitelisting mechanisms (that I’m currently aware of). One manual (permanent) and one automatic (temporary).
Manual (permanent)
In the Global Settings module scroll down to the Lockout White List setting. Add any IP to be whitelisted.
Automatic (temporary)
The IP of any user with the Administrator role assigned will automatically be whitelisted upon successful login into the WordPress Dashboard.
The IP is whitelisted for roughly 24 hours.
To prevent any confusion, I’m not iThemes.
To disable the automatic (IP) whitelist add the line below to the wp-config.php file:
define( 'ITSEC_DISABLE_TEMP_WHITELIST', true );
For what it’s worth, I don’t think this has anything to do with whitelisting.
The loopback test is a pretty simple wp_remote_post() call as can be seen below (Snippet of code is from the do_loopback() method in the better-wp-security/core/modules/security-check/scanner.php file):
$exp = ITSEC_Core::get_current_time_gmt() + 60;
$action = 'itsec-check-loopback';
$hash = hash_hmac( 'sha1', "{$action}|{$exp}", wp_salt() );

$response = wp_remote_post( admin_url( 'admin-post.php' ), array(
    'body' => array(
        'action' => $action,
        'hash' => $hash,
        'exp' => $exp,
    ),
) );

if ( is_wp_error( $response ) ) {
    self::$feedback->add_section( 'loopback', array( 'status' => 'error' ) );
    self::$feedback->add_text( sprintf( __( 'Skipping loopback test: %s', 'better-wp-security' ), $response->get_error_message() ) );

    return;
}
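An added example, not part of the thread or the plugin's code: a stand-alone PHP sketch of the expiring HMAC token that the do_loopback() snippet above builds, paired with a hypothetical receiving-side check. The function names, the constructed salt standing in for wp_salt(), the fixed timestamp and the verification order are all assumptions.

```php
<?php
// Added example; the verification side is an assumption, not the plugin's code.

// Same construction as the snippet above: HMAC-SHA1 over "action|exp".
function make_loopback_token( string $action, int $exp, string $salt ): string {
    return hash_hmac( 'sha1', "{$action}|{$exp}", $salt );
}

// Hypothetical receiver: returns 'ok', 'malformed', 'bad-signature' or 'expired'.
function verify_loopback_token( array $post, string $salt, int $now ): string {
    foreach ( array( 'action', 'hash', 'exp' ) as $key ) {
        if ( ! isset( $post[ $key ] ) || ! is_scalar( $post[ $key ] ) ) {
            return 'malformed';
        }
    }
    // exp must be a plain decimal timestamp before it is used in the HMAC input.
    if ( ! preg_match( '/^[0-9]{1,12}\z/', (string) $post['exp'] ) ) {
        return 'malformed';
    }
    $exp      = (int) $post['exp'];
    $expected = make_loopback_token( (string) $post['action'], $exp, $salt );
    // Authenticate first, using a constant-time comparison, then check expiry.
    if ( ! hash_equals( $expected, (string) $post['hash'] ) ) {
        return 'bad-signature';
    }
    return ( $exp < $now ) ? 'expired' : 'ok';
}

$salt   = 'constructed-example-salt'; // constructed stand-in for wp_salt()
$now    = 1700000000;                 // constructed "current time" (GMT)
$action = 'itsec-check-loopback';
$exp    = $now + 60;                  // 60-second lifetime, as in the snippet
$valid  = array( 'action' => $action, 'hash' => make_loopback_token( $action, $exp, $salt ), 'exp' => (string) $exp );
$old    = $now - 1;

$cases = array(
    'valid request'  => $valid,
    'exp extended'   => array_merge( $valid, array( 'exp' => (string) ( $now + 3600 ) ) ),
    'signed but old' => array( 'action' => $action, 'hash' => make_loopback_token( $action, $old, $salt ), 'exp' => (string) $old ),
    'hash missing'   => array( 'action' => $action, 'exp' => (string) $exp ),
);

foreach ( $cases as $label => $post ) {
    printf( "%-15s => %s\n", $label, verify_loopback_token( $post, $salt, $now ) );
}
```

Because exp is part of the HMAC input, extending the expiry without knowing the salt fails the signature check instead of prolonging the token.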
Thanks @nlpro. Hosting company has said they can’t help any further. I’m planning on moving hosting anyway so hopefully the issue will get resolved that way.
I guess my next question is – how important is this loopback test? Will it really affect the security of the site?
Thanks again.
No, for the current release of the free plugin the result of the loopback test has absolutely no impact.
But keep in mind this may change in any future (free) release…
Currently the result of the loopback test is only used by the fingerprinting feature available in the Pro plugin.