WordPress.org

Support

Support » Plugins and Hacks » All In One WP Security & Firewall » [Resolved] Feature Request: Login Lockdown Whitelist

[Resolved] Feature Request: Login Lockdown Whitelist

Viewing 15 replies - 1 through 15 (of 18 total)
  • Plugin Contributor mbrsolution

    @mbrsolution

    Hello debenedictis, try the following

    WP Security >> User Login >> Login Whitelist and select Enabling IP Whitelisting. This will display your current IP, if you wish you include it as well. Further down you can add all the IP address and or IP address range to the Enter Whitelisted IP Addresses box.

    If you need any more help let us know.

    Kind regards

    Plugin Author wpsolutions

    @wpsolutions

    @debenedictis,
    Currently the lockout feature does not exempt certain IP addresses from being locked out.
    The white list feature will only control who can get access to the login/wp-admin pages but those users can still get locked out if they get user/pass wrong.

    We will look into what you have suggested and see if we can implement something in a future update.

    @wpsolutions

    Thank you.

    If you do update the plugin to support a lockdown whitelist please update this ticket.

    sdesigns

    @sdesigns

    Adding this feature would be great as I have the same problem. People keep using a cappital letter when it should be lowercase or the reverse then they get locked out.

    thinkwired

    @thinkwired

    I made a similar request about a month ago; http://wordpress.org/support/topic/whitelist-valid-users?replies=2

    Rather than suggest a solution I’d just like to reiterate the problem and let the developer decide the best way to solve the need.

    How do we stop legitimate users, who are in some cases paying customers, from being locked out for doing something silly like misspelling their username?

    It would be nice to either whitelist known users OR select usernames to autoblock rather than autoblocking all unknown usernames.

    Best!

    Plugin Author wpsolutions

    @wpsolutions

    Hi guys,
    In order for the lockout feature to actually lock somebody out they have to get their username (or password) wrong multiple times.

    If someone is consistently getting their login details wrong, then in normal security practice this should sound alarm bells because you are most likely dealing with someone who is illegitimately trying to log in.

    All of your suggestions are fine but they also open up more security holes because we would be making exceptions for people who can’t remember their own account details.

    Having said that, we still want to think about this more carefully to see if there are ways to cater for what you are all asking for but with the least security compromises.

    (Don’t forget, that the administrator can easily unlock any user by clicking the “unlock” link in the table which lists locked out users in the lockout settings page)

    thinkwired

    @thinkwired

    “we would be making exceptions for people who can’t remember their own account details”

    Exactly… how do we make exceptions for people who can’t remember their own account details? I know it sounds crazy and unbelievable but, it is happening. I have 50 or so user accounts and legitimate users get locked out 2-3 times per month. If things go well I expect to have 100 or so members in the next few months which means I will be dealing with angry users 4-6 times per month.

    Rather than “Instantly Lockout Invalid Usernames:” it might be nice to create a manual list of usernames to instantly lockout.

    Plugin Author wpsolutions

    @wpsolutions

    After having a think about this, we feel we might have a couple of ideas in mind which should solve the issue of legitimate users locking themselves out.

    We may introduce something in the next release or the one after (depending on how busy we are)
    Will keep you guys posted.

    If this is your solution, it is brilliant; “Check this if you want to allow users to generate an automated unlock request link which will unlock their account”

    Can you tell us exactly how this feature works? I assume any locked out user can enter their email and receive a link to unlock their ip? Its safe to assume spammers and automated bots will not do this.

    Uh oh, I just tried this out and it seems as though you need to know your username… half of my lockouts are caused by people entering a wrong username. usually off by one letter — probably a mistype.

    Plugin Author wpsolutions

    @wpsolutions

    I still can’t believe people cannot remember their own user names!

    Ok we will modify the feature so that the locked out user will only have to enter email address when they submit an unlock request.

    The problem is, people use all kinds of different usernames across the web. My site offers a blog and a forum, I have users who use different names to login to both. I don’t understand it but the usability feedback/research doesn’t lie. End users are not like us.

    Hi

    I would like to exempt few users with fixed IP too.

    I am not finding

    WP Security >> User Login >> Login Whitelist

    or any other options for creating a whitelist. I have v3.7.7

    Does this option still exist?

    Plugin Author wpsolutions

    @wpsolutions

    We moved that to the “Brute Force” menu.

Viewing 15 replies - 1 through 15 (of 18 total)
  • The topic ‘[Resolved] Feature Request: Login Lockdown Whitelist’ is closed to new replies.
Skip to toolbar