iThemes Security (formerly Better WP Security)
Blacklisting regular users on regaulr page visits (8 posts)

  1. danbrady
    Posted 3 years ago #

    We have Better WP Security running on a multi site with Login Security Solution.

    Both are installed and activated at the network level.

    I have disabled 'Enable Login Attempts' and deselected 'Blacklist Repeat Offender' but the plugin is still blacklisting IP addresses. More than that, it is blacklisting regular users who are simply accessing the home page from an internal page.

    This seems to happen only in IE8. It occurred on http://www.danbrady.co.uk and again when tested in browserstack using IE8 windows - go to an internal page then click on 'Home' - it brings back a most unhelpful "error" page which I think is the 418 teapot error. The email notification I get from this event states the IP has been locked out "due to too many attempts to open a file that does not exist."

    Login Security Solution suggests that some features need to be disabled in BWPS for them to 'play nicely' together:

    Better WP Security: Their "Enable Login Limits" and "Enable strong password enforcement" functionality conflict with our features. The good news is we provide more robust protection in those areas and the Better WP Security "Settings" page lets you disable those features in their plugin.

    I have disabled the login limit as described above so how is this occurring?

    Can you please be specific about which settings should be disabled?

    FYI we have APC caching on the server


  2. danbrady
    Posted 3 years ago #

    Also, I have 'Enable strong password enforcement' deselected as recommended by Login Security Solution

  3. danbrady
    Posted 3 years ago #

    I've disabled Login Security Solution and the problem is still occurring, so perhaps it isn't a conflict after all.

    Something in Better WP Security doesn't like our multi site (or vice versa).

    Could this be to do with the APC caching we have installed?

  4. danbrady
    Posted 3 years ago #

    Disabling Better WP Security brings the site back…

  5. Handoko
    Posted 3 years ago #

    Hello danbrady.

    I think your problem is not because of the Enable Login Attempts.

    It sounds you should disable 404 Detection. Goto menu > Security > Intrution Detection > don't Enable 404 Detection.

    Why this problem happened? Many possiblities. Improper caching settings or compatibility of both the plugins could cause this issue too.

    If you want to know more about this 404 errors, you may read my last post in this thread:

  6. danbrady
    Posted 3 years ago #

    Yes, it was 404s. The home page had about 8 x 404s – inc 4 to theme files eg jquery.

    Thanks for your help

    I wonder if BWPS can be fine-tuned, so it only triggers on 404s to certain types of file?

  7. Handoko
    Posted 3 years ago #

    Many users have problem with 404 errors, I did too. It would be great if we can whitelist certain 404 errors.

    Unfortunately, there is no such feature in this plugin for whitelisting or fine-tuning.

  8. AITpro
    Posted 3 years ago #

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.