Hi, do you have one of the following features enabled?
Completely Block Access To XMLRPC:
Disable Pingback Functionality From XMLRPC:
The above can be found under WP Security -> Firewall -> Basic Firewall Rules. If you don’t can you enable one of the above.
Let me know if this helps you.
Thank you
I have (already) “Completely Block Access to XMLRPC” enabled, and continue to experience the issues with the login whitelist.
The lines in the .htaccess file were put there by the plugin. Should they move within the file? Currently they are near the bottom. Here’s the order in which the plugin inserted info into the .htaccess:
#AIOWPS_BLOCK_WP_FILE_ACCESS_START
#AIOWPS_BLOCK_WP_FILE_ACCESS_END
#AIOWPS_BASIC_HTACCESS_RULES_START
#AIOWPS_BASIC_HTACCESS_RULES_END
#AIOWPS_PINGBACK_HTACCESS_RULES_START
#AIOWPS_PINGBACK_HTACCESS_RULES_END
#AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_START
#AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_END
#AIOWPS_IP_BLACKLIST_START
#AIOWPS_IP_BLACKLIST_END
#AIOWPS_DISABLE_TRACE_TRACK_START
#AIOWPS_DISABLE_TRACE_TRACK_END
#AIOWPS_FORBID_PROXY_COMMENTS_START
#AIOWPS_FORBID_PROXY_COMMENTS_END
#AIOWPS_DENY_BAD_QUERY_STRINGS_START
#AIOWPS_DENY_BAD_QUERY_STRINGS_END
#AIOWPS_ADVANCED_CHAR_STRING_FILTER_START
#AIOWPS_ADVANCED_CHAR_STRING_FILTER_END
#AIOWPS_SIX_G_BLACKLIST_START
#AIOWPS_SIX_G_BLACKLIST_END
#AIOWPS_BLOCK_SPAMBOTS_START
#AIOWPS_BLOCK_SPAMBOTS_END
#AIOWPS_LOGIN_WHITELIST_START
#AIOWPS_LOGIN_WHITELIST_END
#AIOWPS_PREVENT_IMAGE_HOTLINKS_START
#AIOWPS_PREVENT_IMAGE_HOTLINKS_END
Hi, do you have any other security plugin installed? Do you have any other plugin that writes rules to the .htaccess file?
Can you try the following. Disable the Whitelisting feature and save the settings. Then enable it again and save the settings.
Lets see what happens.
AIOWPS is the only security plugin I have installed that would be writing anything to .htaccess. My other plugins are:
AIOWPS Country Blocking Addon
Amazon Web Services
Better Search Replace
Photo Gallery
PHP native password hash
UpdraftPlus
WD Manager
WP Offload S3 Lite
I tried disabling the whitelisting feature and resaving…same behavior. I also disabled the the rename login feature to return to using the regular wp-login.php but that didn’t change anything either.
I suppose I should start disabling all the AIOWPS protections I put in, try the whitelisting again, and if it works start adding the protections back in until it breaks.
Hi, that is a great idea. If the issue is not resolved after doing this then I think your next option would be to contact your host.
Regards
Still not working. I’m running AIOWPS 4.2.9. I first tried moving the login whitelist lines to the beginning of the .htaccess file; no go. Then tried disabling all of the rules except the login whitelist; still didn’t work. I also turned off the AIOWPS country blocking add-on, same result. I was verifiably trying the login page from a non-whitelisted IP and clearing the browser cache between attempts.
The last response I saw said next option is to contact the host. What am I looking for there? My site is on Amazon Web Services. I had already turned off their caching (pagespeed).
Hi, I have submitted a message to the plugin developers to investigate further this issue you are experiencing.
Thank you
Thank you, appreciate it. I’m at a loss here as to why it isn’t working.
Hi @lyweissler59,
I think I know why it’s not working.
I need to add some checks and directives for Apache 2.4 versions because currently the directives for the white list feature only apply to the older version of Apache.
This fix will be available in the next release.
Aha, thank you. I’ll look forward to the next release then.
@lyweissler59, does the latest plugin version fixes your issue?
Sorry for the delay in responding. I just installed the latest plugin, and it does indeed fix my issue. Thanks!
