Not blocking admin area

  • Resolved DeleriousX

    (@deleriousx)


    10 years, 1 month ago

    Hi
    I want my visitors to be able to register and post comments no matter where they are located.
    I also want to secure my admin are so no one can login as admin unless they are in USA.

    So I set whitelist to US
    I set login form to “disable”
    I check admin area “block by country”

    Now I change my ip to Taiwan and I am still able to login as admin. “Your IP address / Country” in settings shows my Taiwan ip address.

    Is something not working as it should or am I doing something wrong?

    https://ww.wp.xz.cn/plugins/ip-geo-block/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    10 years, 1 month ago

    Hi DeleriousX,

    Your use case might be:

    • registered user (subscriber, contributor, author, editor, no role) can login from anywhere
    • administrator can login only from your country

    Unfortunately, the above is not supported because:

    1. When a registered user login, he/she need to access admin area.
    2. Currently, this plugin doesn’t distinguish registerd user from administrator.
    3. Once you login, this plugin doesn’t block you even if your ip is not in the whitelist to prevent accidental self blocking.

    As for No.3, some of my users experienced putting their country code in the blacklist and “Save Change”.

    However, in principle, this is a feasible use case. Let me think about it.

    Thanks for your post.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    10 years, 1 month ago

    Dear DeleriousX,

    Sorry for my late reply. I finally decided not to support your use case, becase:

    • “Registered user can login from anywhere” and “Administrator can login only from own country” are contradictory to each other from the security point of view.
    • I think your first priority would be to harden the password of administrator with something like 2-factors authentication.

    Although I close this topic, please feel free to let me know your oppinion or suggestion.

    Best regards,
    tokkonopapa

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Not blocking admin area’ is closed to new replies.