As far as I know, there is no such feature.
I was just looking for it – and found it under “Intrusion Detection” (below “404 Detection”) …
As far as I can gather it only whitelists you from 404-lockouts, but presumably that is the area in which the site admin is most at risk from being locked out.
It can’t whitelist you from being banned from login.
Which kind of banning did you mean? Login or 404 errors? I guess you mean login, because on normal situations its rarely happened a good user generates 404 errors.
If you accidentally corrupt your .htaccess file you can generate quite a few 404’s before it’s fixed. Especially where several people use the same ip-adress (in an office, for example) – and the “404 Detection” text specifically advises adding your own ip to the (404) “whitelist”.
I remembered the specific word whitelist from one installation and was looking for it in a differennt installation – and I’m guessing that must be what stevebower is looking for.
But no, as far as I can see, it’s not possible to whitelist ip’s for login-attempts.
No, it was the login blacklist I would have wanted – I’ve a user who is particularly adept at fouling up his password.
I’ll make use of the 404 filter though, thanks
Playing with .htaccess file is very risky, so I think it is a good practice to keep a backup of .htacess.
Yes, I agree. Your example case (office users using 1 IP) makes sense that whitelisting own IP on 404 detection is important. I never thought so, because I’m a freelancer work at my home not sharing IP with workmates.
From experience I know to keep at least two copies of the .htaccess file, luckily. I am still not sure what happened this time: “I was not playing with the .htaccess” ;-D – but BWPS saves to the .htaccess file, so my guess is that (strange as it sounds) the saving operation must have been interrupted resulting in a corrupted file … Or maybe clumsy fingers on my part (a definite possibility): my redirects were cut off in the middle of the first line. Thus every page except the frontpage generated a 404 :-/ And it took me a little while to realise the problem was with the .htaccess, since it was not a 500 error!
All of which is to say that there is a good reason to whitelist yourself in the “404 Detection” area. And to perhaps not be too stringent with the 404 timeouts etc if you work from different locations and/or have a dynamic ip.
A different way to generate lots of 404’s without necessarily discovering it: renaming the wp-content directory path will generate one 404 per item with that path – until you locate and rename the paths.
I noticed it immediately as my header was suddenly off, but I did rack up quite a few 404’s before fixing it!
Whitelist for failed logins is essential, guys.
Whitelisting search-engine agents to prevent from ban when 404 massive error detect would be necessary. It would be nice if could whitelist user-agents list, such as:
#in whitelist #
User-agent: Adsbot-Google
User-agent: Googlebot
User-agent: Googlebot-Image
User-agent: Googlebot-Mobile
User-agent: Googlebot-News
Thanks for the nice job with the plugin.
I agree, a login whitelist seems important. Better WP Security keeps logging me out of my site.
I could use this functionality as well. WP Security keeps banning one of my friendly visitors… 🙁
Any update yet?!! Really necessary here too! Thank you for an awesome plugin!
