We have a multi site running on a VPS. We had issues where Better WP Security was conflicting with Login Security Solution, so after feedback from the LSS dev we re-enabled Better WP Security and disabled strong password enforcing as well as the feature that detects multiple failed login attempts, as both of these are handled by the other plugin.
However, since then (today) we weren't able to access any of the sites on our multi site *from our own IP address*. All we got was "error" and via curl we could see we were getting a 418 "teapot" error. Accessing from other IP addresses was ok.
I think the problem is in .htaccess
I think the plugin logs incorrect logins from given IP addresses, then returns the teapot error to those IP addresses. It probably triggered for our office for some reason.
However, after asking around the office, no one tried to login to our sites this morning (at least not with multiple failures).
After investigating the plugin, checklock() looks in the bwps_lockouts table for IP addresses that it has previously locked out *as well as* logged-in users that have been marked as being "naughty". However the IP addresses are getting into that table, there MUST be a way to (a) inspect the list and (b) declare exceptions that must never be put in that list.
We have now removed the three occurrences of our office IP address (although I don't know why were added in the first place, and so soon after we re-enabled the plugin)
So – is there a way of adding safe IP addresses to a list in the plugin, so this doesn't happen again?