Support » Plugin: iThemes Security » option

  • Micha


    Hi Developers,

    In the Banned Users section, there is a checkbox to “Enable’s blacklist feature.“
    We have enabled that function.

    My rest api connection created a authentication error last week after some user cleanup. So we could not connect to the Woocommerce rest api. It give a 403 error. When i switch this option off it works fine again.

    So my question was: Is there a way to remove my own ip address from this blacklist? replied to me:
    That plugin and Blacklist option is no longer fully supported. I recommend not using the blacklist option.

    Can you confirm this reply?



Viewing 5 replies - 1 through 5 (of 5 total)
  • The Banned Users module Default Blacklist setting is for 99% a list of user agents (written to the .htaccess file when using Apache web server) for which request are banned (403 forbidden).

    The entry that causes issues most of the times is the one blocking requests with an empty user agent.

    So make sure that:

    • Your (REST API) request does not have an empty user agent…
    • …and the user agent value does not match any of the other entries.

    To prevent any confusion, I’m not iThemes.

    • This reply was modified 2 years, 9 months ago by nlpro.
    • This reply was modified 2 years, 9 months ago by nlpro.
    Thread Starter Micha


    @nlpro Thanks for the reply. So first I need to check in the htaccess file if my ip address is blocked.

    When my ip address is not in the file i must check if my rest api application sent a user agent.

    I was not familiar with this option 😉
    It’s switched off now but it was working well.
    So im going to look in the htaccess file.


    You don’t really need to check for your IP address in the .htaccess file. If your IP address is banned (by the iTSec plugin) it will be listed in the Ban Hosts setting (under Ban Lists) of the Banned Users module.

    By default the iTSec plugin automatically writes entries to the .htaccess file (unless you have disabled the Write to Files setting in the Global Settings module).

    Thank you for the follow-up folks.

    Yes, I did help in developing this option and do continue to use it on many websites.

    Though I have found that this particular feature does not play well with all plugins, so it’s best to just disable in those cases when errors arise; as the more obvious solutions noted above do not always work (maddeningly so).

    Thread Starter Micha


    I will disable this function. Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘ option’ is closed to new replies.