iThemes Security (formerly Better WP Security)
[resolved] IPs from the white list and ban hosts do not appear in .htaccess (5 posts)

  1. aquadecor
    Posted 2 years ago #

    IPs from the white list and Ban Hosts do not appear in .htaccess.
    I deleted the lists and I entered again.
    I see a single ip in banhost list.
    What to do? You must manually enter each address?


  2. wp_kc
    Posted 2 years ago #

    I have never seen the whitelist IP addresses added to the .htaccess file in any version of BWPSecurity -- even the versions that actually work. ;-)

    The way the plugin code works is that the whitelist is stored in the plugin's options (in the WordPress database). When the plugin is testing the activity of a connected host to decided if it should lock out an IP address it is first checked against the whitelist. If it is in the whitelist, no action is taken. If it is not in the whitelist, then action is taken depending on how you have configured the plugin and what the activities of the connected host are. This could result in the IP address being added to the .htaccess file with a Deny directive.

    But the plugin has never added the whitelist to .htaccess with an Allow directive in the past. It is unnecessary since the plugin will still have to examine the activities of each host that connects and still check the whitelist anyway.

  3. aquadecor
    Posted 2 years ago #

    Because before I had set a white list, I can not disagree.
    But my problem is the black list, that set me IPs do not appear in htaccess file. And they say that there are about only stored in the database?
    So the question remains: how should I do to have blck list in htaccess file?

  4. wp_kc
    Posted 2 years ago #

    I've been sticking to version 3.63 of the plugin with all the troubles I see in the 4.0.x versions. So I'm not sure what the exact names of the options are. But you need to turn on these things to get blacklisted IPs in the .htacess....

    • Look for an option that says something like "modify core files" or modify .htaccess, and turn that option on.
    • Turn on the Ban Users feature.
    • Enable blacklist settings for login and 404

    However I would not recommend doing any of this in a 4.0.x version of the plugin because you'll just end up locking yourself and everyone out of your site. Probably the only reason the plugin is working for you now is because you have most of the security features turned off! :-D

  5. aquadecor
    Posted 2 years ago #

    All settings are talking are active. More than likely you will have to uninstall the plugin and then reinsalez it. I've done this and I think this method will give reliable results.
    Anyway thanks for the suggestions.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.