so regarding your suggestion
When BWPS plugin is not allowed to directly edit core files, append something to the email notifications about having to go and manually edit them yourself.
e.g. I just got the following message:
A host, 188.8.131.52(you can check the host at http://ip-adress.com/ip_tracer/184.108.40.206) has been locked out of the WordPress site at http://mysite.com parmanently due to too many login attempts. You may login to the site to manually release the lock if necessary.
The wording is a bit mislead because until I manually update the .htaccess file myself (I'm presently not allowing the plugin to directly edit files - in part to learn what it actually does) that IP will NOT be locked out.
This could be made a lot more obvious, e.g. by chaning the text and including something about needing to edit the file yourself if BWPS security is configured to not be able to edit files directly.
in this thread http://wordpress.org/support/topic/suggestions-and-bwps-40?replies=25
which i totally second as it being more than misleading.
as also this message "Settings Saved. You will have to manually add rewrite rules to your configuration. See the Better WP Security Dashboard for a list of the rewrite rules you will need."
that comes up when you manually input a host ip you want to ban in the backend of the plugin.
When it says configuration does it mean i have to manually edit the .htaccess file, wp-config.php file or both?
and if in the beginning i did not allow BWPS to be able to edit the files directly, added some host ip in the ban area of the plugin and then let BWPS to edit files, are those IPs locked out?
Thank you in advance!