Plugin Author
Paul
(@paultgoodchild)
Sorry for your troubles here… I’ll try and address each in turn.
1)
If you’ve disabled the firewall plugin and that page is still loading, then you’ve got a caching issue. You’ll need to add your login page to an exclusion for your cache.
2)
Currently the white list is stored separately to the automatic blacklist so 1 doesn’t know about the other once a block is in place. Now that they are white listed, they wont trigger the transgression counter for the auto-block. I will be releasing an update to address this scenario this week.
3)
I’ll look into this. Is there no other error displayed when they get the warning about x number of tries left?
Thank you for reporting these and being thorough in you descriptions. This really helps!
Thanks
Plugin Author
Paul
(@paultgoodchild)
Just to let you know that v4.10.1 addresses #2 and #3.
#1 is a caching problem.
Thanks again for reporting this.
Hi,
Thank you for the updates that you made, but we are having some issues with the new version.
1. We have the “Rename WP Login” set to xxxyyy. If your IP address is in the Global IP Whitelist, then going to /xxxyyy gives you a 404 error rather than the login page now. To test this a removed my IP address from the whitelist and then got the following message when going to /xxxyyy:
You have been black listed by the WordPress Simple Firewall plugin.
You tripped the security plugin defenses a total of 5 times making you a suspect.
If you believe this to be in error, please contact the site owner.
We want to add our customers IP address to the whitelist, so they don’t get blacklisted for wrong password, but they have to be able to access the site using the rename wp login code, not /wp-admin.
2. Since the blacklist is supposed to be a timed thing and it was yesterday that I was testing with wrong password, I shouldn’t still be blacklisted, yet I am. I still can’t find where the blacklist is, so I can remove my IP from it.
We need to be able to test the plugin and remove our IP address from the blacklist after testing.
Thanks again for your quick response.
Plugin Author
Paul
(@paultgoodchild)
Hi,
if you white list an IP address, then all features of the plugin are turned off for that IP address, including the rename WP Login. That is how it is built and it’s not built to have customized white-list-to-functionality mapping. That’s just way to complex to both implement and configure.
To remove an IP address from the automatic black list, go to IP Manager and click the big orange button at the bottom. You’ll see all IPs on that list which you can remove. I am investigating a possible problem with WPMS and the ajax on that page, so if you have a WPMS site, you may have trouble with that.
Regarding the timing of the automatic black list – if you access the site at all from the blocked IP, you will update the last access time and the counter starts again from 0 – what is your current auto time out?
