Bit51 (part of the iThemes family)
Forum Replies Created
-
Hello ortixia, email me at info [at] bit51 [dot] com and we’ll see if we can get the feature working for you.
Thanks for the report. Now wp-login.php itself still needs to take the post request to process login however, if you have “Hide Backend” enabled access to wp-login.php requires the “Secret Key” get variable.
The error message should show for the entire site up to the point where the lockout expires. The thought being, if someone is trying that hard to get in one way, you don’t want them concentrating on anything else once they’re locked out.
You can clear any lockout by clearing the bwps_lockouts table in your database.
Now are ya’ll still seeing logged results on Good logins? I have yet to reproduce that one on any site.
Hmm….
…I tried a couple of other fixes in the 3.4.1 version I’ve just released. Please try it and re-save your “System Tweaks” settings after you upgrade. I just realized that without any database updates it probably didn’t rewrite your .htaccess. If it still doesn’t work disable “Filter Spam Comments” in System Tweaks and I’ll go back to the drawing board.
I do believe I have a working fix (at least it works on the 2 sites I could test Jetpack comments on)… Please try the dev version (http://downloads.wordpress.org/plugin/better-wp-security.zip) and let me know if it works for you.
I did forget to mention that listing the IP twice could happen in some situations as the list doesn’t check however, if it had been written to your .htaccess initially it shouldn’t have ever come up.
Thanks for the feedback.
The plugin actually saves the setting to the database and then builds the htacess before finally writing it which is what makes your situation so unique. If you would like I could help you disable that setting. Email me at info [at] bit51 [dot] com if you’re interested.
First I’m curious as to what part of the .htaccess is causing the error for you. Are you using an unusual browser or something that might be picked up in that list?
If your comfortable editing a serialized array you can find the setting in your options table under bit51_bwps. The key is “bu_blacklist”
Finally, what happens when you deselect the blacklist setting? Is it throwing you an error?
Whoops, should;ve given you the email…
info [at] bit51 [dot] com
Thanks. Admittedly this will probably take me a few days before I can investigate. I’ll post back when I have a patch.
Chris
Can you email me at info [at] bit51 [dot] com to take a look at this? This is a rather interesting and specific case that I hadn’t planned on yet I would like to look at as it could be handy in the event of a DOS attack/etc.
Thanks!
can you email me at info [at] bit51 [dot] com so that we might be able to sort this out?
I’ll take a look. Can you send me a link example so that I may make sure I’m looking at the right thing?
Are you using NGINX or Apache? In the case of NGINX you have to enter the rules twice, once for the http virtualhost and once for https.
Let me take a look at the SSL login. I frankly haven’t used log-in status as a criterion for front end ssl. Can you email me at info [at] bit51 [dot] com so I might get a little more information to make sure any changes I make are the correct changes?