You are confusing two separate features (the whitelist feature and login lockdown feature) which work in a totally different way and independently of one another.
The whitelist feature works at the .htaccess level and will only allow the IPs configured in the settings to access the login page.
The lockdown feature is PHP-based and will lock out anyone for a prescribed period of time who has entered wrong login information.
Should a whitelisted person be locked out by the lockdown feature then they can use the “Allow Unlock Requests” feature which we added recently especially for such scenarios.
While I appreciate the lockout unlock by email feature, do you intend to add a Whitelist to prevent inadvertent lockouts in future?
Seems like an unnecessary inconvenience to lock out the verified owner of the website (no matter how many wrong password attempts).
I agree with Hack Repair Guy. Please consider an “absolute” IP whitelist for Admins. I’ve run afoul of the same issue with Login Lockdown.
But I will say I’m pleased that the “Allow Unlock Requests” was added. That works fine, and it at least allows you to get back in when you’ve inadvertently locked yourself out. Prior to this, locking yourself out was a total nightmare that involved FTP and more headaches, which was no fun at all.
I know it sounds crazy that you can get yourself locked out. But as a guy who runs many sites and is often harried, harassed and over-tired, it’s possible to do.
I also think the plugin may be a bit buggy on this score, because I’ve got it set to 3 tries before lockout and I would swear in a court of law that it’s done it to me before the magical third screw-up.
Anyway… overall I love the plugin. Keep up the great work. 😉