Support » Plugin: Cerber Security, Antispam & Malware Scan » "Immediately block IP after any request to wp-login.php" locks me

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Gioni

    (@gioni)

    Hi!
    Did you set any Custom login URL? I mean do you have particular page or URL that allows you to log in to the site?

    MiKa

    (@photoweblog)

    No – all is standard. I have exported the settings (except the one with wp-login.php):

    {
    “cerber_version”:”1.8″,
    “home”:
    “http:\/\/www.Myhomepage.com”,
    “date”:”21 Nov 2015 10:12:05″,
    “options”:
    {
    “attempts”:3,
    “period”:60,
    “lockout”:180,
    “agperiod”:24,
    “aglocks”:2,
    “aglast”:12,
    “notify”:”1″,
    “above”:”5″,
    “nonusers”:”1″,
    “noredirect”:”1″,
    “loginpath”:””,
    “cilimit”:200,
    “ciperiod”:30,
    “ciduration”:60,
    “ciwhite”:”1″,
    “cinotify”:”1″,
    “keeplog”:”30″
    }
    }

    Plugin Author Gioni

    (@gioni)

    Your Custom login URL is empty. Just set something in this field and everything will be fine. Remember or write down your new login URL.

    MiKa

    (@photoweblog)

    Hello,

    thanks for fast answere and sorry for keeping to ask …

    We have got a second page which is running as multisite and we did not run into this troubles there. There is no custom URL but the setting with wp-login.php is active and all is fine:

    {
    “cerber_version”:”1.8″,
    “home”:
    “http:\/\/MyMultisite.com”,
    “date”:”21 Nov 2015 10:24:09″,
    “options”:
    {
    “attempts”:3,
    “period”:60,
    “lockout”:60,
    “agperiod”:24,
    “aglocks”:2,
    “aglast”:12,
    “above”:”30″,
    “nonusers”:”1″,
    “wplogin”:”1″,
    “noredirect”:”1″,
    “loginpath”:””,
    “cilimit”:200,
    “ciperiod”:30,
    “ciduration”:60,
    “ciwhite”:”1″,
    “cinotify”:”1″,
    “keeplog”:”7″
    }
    }

    Plugin Author Gioni

    (@gioni)

    If you checked

    Immediately block IP after any request to wp-login.php

    you can’t use wp-login.php anymore. You need to have some login form. How will you sign in to the site?

    MiKa

    (@photoweblog)

    Now also the multisite locked my IP when I activated “Immediately block IP after any request to wp-login.php” and requested /wp-admin.
    I have no idea why it worked this morning … anyway, it makes sense this way.

    Maybe it makes sense to add this line to “custom login page” paragraph and also add a check that “Custom Login Url” is set, because most time you have add an URL if you want forbid requests to wp-login.php.

    Plugin Author Gioni

    (@gioni)

    Sorry, I don’t follow you. What line do you mean?
    There are a lot of plugins and themes that allow to create a login form and/or particular page to use with that form. That’s why there is no reason to pairing this fields.

    MiKa

    (@photoweblog)

    That’s the reason why I wrote “most time”.

    A security plugin is a very critical plugin and user will be disappointed if they fail and lock out themselves. As a user I expect also some security at the main settings. Means: Whatever I do, I will not lock out myself by mistake.
    If I want an interaction with other plugins or themes, I am expecting these settings in an “advanced” tab.

    Usability is often connected with a point of view and freedom and flexibility is quite often in conflict with security.

    It’s just a feedback – I still like your plugin!

    Plugin Author Gioni

    (@gioni)

    I hope you will be happy with Cerber! Thanks for your feedback.

    P.S. I got you. But I thought, that is so obvious that if someone disabled wp-login.php and doesn’t set any Custom login URL, they can’t login to the site without extra plugins/themes. I understand that people love “one button” solution like ‘Click on me to get protected’. But this is a security plugin. Users need to understand consequences of their actions.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘"Immediately block IP after any request to wp-login.php" locks me’ is closed to new replies.