I think I’ve narrowed the problem to the 404 error detection feature. Even though I’m whitelisted as admin, I keep getting banned. For now, I have the feature disabled.
Even after the most recent bug update to 4.0.5, I’ve encountered problems with being banned. However, being webmaster of 10 sites means I’ve worked out a flow.
Here’s what I’ve found:
1) If you had 404 Error Detection set up on WP Better Security before the update, delete your plugin and delete all of the data.
2) Install a fresh copy of the ithemes security plugin
3) When it asks you to automatically set up security with the popup,
don’t. Hit the dismiss link at the bottom righthand corner to opt into manual configuration.
4) Immediately go to your dashboard and whitelist yourself, because the plugin will record any changes you make as 404 errors as it hides weaknesses.
Do this for both the Lockout Whitelist and the Ban Users Whitelist.
5) DO NOT enable 404 protection. Neither of the whitelists will protect you from being locked out. The plugin author will likely need to give this feature it’s own whitelist for it to work properly.
6) Then you can turn on the other features one at a time. Everything else works pretty well.
Wow, thanks omungal. Yes, the 404 detection is really the worst feature of this plugin. The amount of time I have wasted getting access to my own website is borderline ridiculous. Too many plugins and actions trigger the log out and the whitelist is indeed pointless in those instances.
A little more testing on their behalf would be a good idea.