Justin

I usually update the website from just a few locations. I found it easier to simply white-list the ip addresses in those locations and it solves all my problems. The plugin is great. I am thinking about upgrading after re-design of my website is over.

My inability to log back into the website was not due to the plugin. I found the real cause and everything went fine afterwards. I white-listed my home ip address but I don’t want to do the same at work and if I try to post a story from work it does not post it and I end in the empty. I tried to white-list post.php but for some reason there is no difference I can see. Else the plugin is great.

I have been using your plugin for a while now and I have to say it has protected me quite well until last night. For the first time my website of 13 years has been successfully hacked. After restoring a clean backup I realized that the ‘Block Leading Schemas (HTTPS / HTTP)’ option was not selected and I did activate it right away. I also activated a few other options including the one that removes firewall rules for successfully authenticated users. Unfortunately after I logged off, I tried an hour later to log back in and now I can’t access the site anymore. The problem I am having is that I am still under attack, unsure why my site is being so heavily targeted (more than 5000 attempts successfully repelled by Simple Security Firewall in less than 12 hours). And indeed most messages I receive display ‘Firewall Trigger: Leading Schema.’. This is to say that the plugin is doing what it is supposed to do and the successful intrusion was my fault I guess. But unfortunately, still being attacked every few seconds as I am typing now, I cannot disable the plugin as explained above and allow another intrusion due to having no window to login and change the settings. Is there any other safer way I can partially disable the plugin?