I am running WP Sec and Fire (ver3.2) for 14 days without any problem - but.
Since yesterday about 10% of the user of my blog get a 403 error while trying to login with their username and password. They get the message "Access denied". Some of them I could see in the Locking Down list, some of them not. I checked them out of the Locking Down list, also gave all a new password, but without success. Then I disabled some of the additional firewall rules and that works. I disabled step by step. Only "disable Trace and Track" is enabled now. Disable Indexviewing was disabled all the time. Proxy comment, Bad Query Strings and String Filter are now turned off. 5G Blacklist is enabled now. Basic Rules are enabled. Thats the status that work for the moment, but I have a bad feeling to reduce safety rules.
One other problem is the "Logged IN Users" counter - it works incorrect, I have a lot of double and tripple counted users, how can we fix this that?
I am running WP 3.7.1. As membersystem and database I am using the Plugin S2Member (ver.131126) . It has worked for 14 days without any kind of problem. Users of the blog have to registrate but they don`t have the ability to post comments, they only have the right to read full articles and to download some stuff.
Thanks for any kind of advice.
Plugin Version: 3.2
WP Version: 3.7.1
MySQL Version: 5.1.49
WP Table Prefix: wp_
PHP Version: 5.3.3-7+squeeze8
Session Save Path: /var/lib/php5
CURL Library Present: Yes
Debug File Write Permissions: Writable