Title: pcde's Replies | WordPress.org

---

# pcde

## Forum Replies Created

Viewing 15 replies - 1 through 15 (of 22 total)


 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/page/2/#post-17505578)
 * Ahhh, that explains it.
 * Thanks so much again for helping figure this out. (Thanks especially for figuring
   it out before I went ahead and did all the work creating a new WordPress installation
   to troubleshoot! lol).
 * I think now we can very happily mark this as resolved. Cheers.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/page/2/#post-17504357)
 * Very happy to say that it’s 3 days later and everything is still working!
 * I’m not sure if this tells you anything significant, but when I first turned 
   SALT off I got locked out of the website entirely (redirected to 127.0.0.1) for
   a period of time. Turning off CBBFP in wp-config made no difference. I am not
   sure why this happened, or how I eventually started being able to login again,
   but it seems it was just a temporary thing. This also happened when I turned 
   off SALT on my staging website (where somehow CBBFP had always been working even
   with SALT on).
 * Other than this one temporary thing following turning off the SALT feature, everything
   is now working as it should again.
 * I wonder why when I turned SALT off while troubleshooting things CBBFP didn’t
   start working again then? Odd.
 * All I know is I am so glad everything is working again! Thanks for sticking with
   this. Cheers.
    -  This reply was modified 2 years, 2 months ago by [pcde](https://wordpress.org/support/users/pcde/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/page/2/#post-17495165)
 * Ok, SALT is off. Here’s hoping it does the trick! I waited overnight after turning
   it off, cleared all caches/cookies etc, and just now tried logging in using CBBFP
   and… it worked!! I am both shocked and delighted. lol 🙂
 * Really hoping this fix sticks and it is still working a few days from now! I 
   will keep you posted. Thank you!
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/page/2/#post-17491911)
 * Hi again! Sorry for the delay replying… life got in the way. Not to mention 
   I am SO tired of researching this! 🙂
 * Re your previous message: yes, the cookie shows both “http only” and “secure”
   checked.
 * Re the SALT postfix: Yes, I have that turned on. But I previously went through
   a troubleshooting process where I turned that off and it made no difference to
   CBBFP. Should I turn it off now? It is on and working fine on my staging site
   with no CBBFP issues. But there may be some differences between my staging server
   and live server. I don’t know if some other plugins may use SALT.
 * Thanks for following up on this!
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 3 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/page/2/#post-17455978)
 * OK… next question: my website is https only. This security best-practice is
   set up both at my website host and also in the Cloudflare settings. All non-https
   traffic is redirected as https. But I notice that the CBBFP cookie is marked
   “http only”. Could this be the issue?
 * If it is, can the CBBFP cookie be changed to https?
 * (Also, this issue should not be marked resolved… it is ongoing. My next step 
   in trying to figure it out, if the https/http thing is not the solution, is to
   create an entirely new website installation on a subdomain on the same domain/
   server to see if the problem can be replicated there. Such a PITA!)
    -  This reply was modified 2 years, 3 months ago by [pcde](https://wordpress.org/support/users/pcde/).
    -  This reply was modified 2 years, 3 months ago by [pcde](https://wordpress.org/support/users/pcde/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 3 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/page/2/#post-17449492)
 * I wasn’t asking if CBBFP or AIOS requires the visitor’s IP, I was asking if in
   completing its process CBBFP or AIOS visits or routes through any IP or AS# of
   any external services (including your own) or if it uses any external services?
   Or does the entire CBBFP process complete entirely within the host website’s 
   domain server with no external calls or routing.
 * If you could just clarify that for me. Thx.
    -  This reply was modified 2 years, 3 months ago by [pcde](https://wordpress.org/support/users/pcde/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 3 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/#post-17444137)
 * OK… well, I have done everything I can think to do but unfortunately the CBBFP
   problem remains the same. I am at a loss to explain it. I have…
    1. Disabled all plugins except AIOS and reverted to a default theme, disabled/cleared
       all caches, and disabled Cloudflare… all at the same time. No change.
    2. Consulted with my IP/Hosting provider, checked all logs, looked for any errors
       (there were none), cleared all DNS and server caches… no change.
 * The CBBFP cookie is still being written correctly and has the correct expiry 
   date. But as before, after activating the CBBFP feature it works correctly for
   a short time, but after that period of time, for whatever reason, the plugin 
   seems to no longer be able to read the cookie and the error repeats. How much
   time CBBFP continues to work correctly after each on/off reset is different each
   time it is done. What determines that amount of time remains a mystery.
 * I can still bypass CBBFP via wp-config without issue. There were a few times 
   during all my troubleshooting when I thought I might have affected something,
   but it turned out that after disabling CBBFP and then re-enabling it, for whatever
   reason it just kept working correctly for a little bit longer than usual before
   it once again stopped working in the same way.
 * TLDR; I still have no idea what is triggering CBBFP to stop working.
 * At this point my only remaining guesses are:
    1. CBBFP makes a call to some external IP or AS# and I inadvertently have that 
       IP/AS# blocked via CF and thus am blocking plugin access to the CBBFP cookie.
       Does CBBFP make any such external IP/AS# calls? I am not able to determine this
       via Cloudflare logs so must rely on you for this info. It is an easy fix if 
       this external IP/AS# theory is correct.
    2. I have no guess #2. I am at a loss to explain this. I have explored absolutely
       every possible thing I can think of and am capable of exploring.
 * I really hope you can help figure this out. I am beyond exhausted. Thx. I remain
   hopeful…
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 3 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/#post-17420104)
 * UPDATE: I have isolated the cause of the ipify “failure: error()” response specifically
   to the AdGuard Extension Privacy filter. I can turn the error on/off at will 
   simply by activating or deactivating the Privacy filter. After doing excessive
   debugging however now the “IP address according to Cloudflare” responds correctly
   without error and only the two “IP address according to Ipify” responses fail.
   Also odd, this is now only happening on my MacBook Pro which is older so not 
   running the latest OS, but all the apps are up to date. Anyways, something about
   Ipify and the Privacy filter and my MacBook don’t get along. This happens exactly
   the same in Safari, Firefox, and Chrome.
 * That’s all the energy I have for this particular issue. Maybe you and the folks
   at Ipify can sort the rest out.
 * And in other UPDATE news… I have the CBBFP working correctly on all computers.
   It’s been working for a few days now but I don’t know yet what exactly is/was
   at the root of the problem. I disabled Cloudflare completely and put the website
   in maintenance mode for the time being to protect it while CF is disabled. I 
   am slowly adding back all my CF rules one at a time to see what might trigger
   the error again. Or if maybe taking the site out of maintenance mode is what 
   triggers it (I doubt it, but who knows). So the fix is still a work in progress.
   I figure it will take about a week to go through reactivating everything and
   (hopefully) get a definitive answer.
 * That’s all the news for today…
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/#post-17413964)
 * OK… I think I’ve discovered something… I’m still verifying the fix but… as far
   as the ipify failure issue goes, I am pretty sure it was caused by the AdGuard
   ad blocker browser extension. I am thinking an extension filter update a while
   back maybe started blocking ipify? I disabled/removed the extension last night
   and cleared the Cloudflare cache and presto, no more ipify failure messages. 
   CBBFP also started working again at the same time (but CBBFP had stopped working
   again by this morning).
 * My only uncertainty about this ipify fix is that today, on my other computers
   that still have AdGuard installed, ipify is also working. So maybe AdGuard is
   not the problem? Or perhaps there was another AdGuard filter update overnight
   that fixed it? IDK. I am observing and waiting to see if this fix sticks. I’ll
   keep you posted. (And I will check those two DB tables you mention. Thanks.)
 * Amazingly, at the moment the CBBFP is also working on all my computers. But this
   is not unusual for it to work again for a period of time after I disable it via
   wp-config and then re-enable it. So that fix is also TBD. We’ll see how long 
   it lasts. But as of right now I have successfully logged on 3 different computers
   using 2 different browsers (Safari and Chrome).
 * Keep your fingers crossed.
 * PS – I spoke with my ISP last night for a loooong time and they confirmed that
   all my CF DNS settings are correct. Also that there was nothing in their logs
   that pointed to any sort of error. So at least that is eliminated as a possible
   cause. Cheers.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/#post-17410819)
 * Thanks for this info. I am working on it.
 * Quick question: Could the PHP version I am using have anything to do with this?
   I am using v8.2. Thx.
 * FYI: So far I’ve confirmed that the AIOS cookie is there and it has the correct
   expiration date, so that much is good to know. But it is still a big mystery 
   why I’m being redirected. ipify is still showing a red failure message but the
   IP address in the dropdown is correct.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/#post-17407640)
 * Hi again — Thank you so much for the offer to log in to my website/CF etc. I 
   think before we do that I want to try one more thing myself.
 * (Sorry, this is a long message…)
 * Since the CBBFP works perfectly on my staging website, and my staging website
   is exactly the same as my live website (same server too) except it does not use
   CF, then logically it would seem that the problem must have something to do with
   my CF setup. But that said… even when I disable CF on the live website the problem
   remains.
 * Also, the separate issue (that may or may not be related) of Settings > Advanced,
   the ipify service is returning a red: failure: error() for CF, IPv4, and IPv6.
   This is happening on both my staging website and my live website. On occasion
   ipify returns the IP’s correctly, but most often not. This never used to happen.
   The IP does appear correctly in the dropdown list below the ipify data. This 
   issue has nothing to do with CF and when I go to any other IP service (such as
   What Is My IP Address which you link to above) every service returns my IP’s 
   correctly.
 * I noticed that ipify uses a specific IP and AS#. I have made sure those are 
   not blocked, but can you tell me if there are any other IP’s or AS#’s or services
   that AIOS is dependent on for its operation? I want to make sure nothing necessary
   is blocked.
 * As it stands, on the live website (that uses CF) CBBFP works perfectly for a 
   period of time after being activated but then sometime shortly after that starts
   redirecting to 127.0.0.1. So my best guess is somehow on the live website the
   CBBFP cookie is being deleted, or not being saved, or not being found, or is 
   expiring prematurely. I recall that there was a “cookie write test” when I first
   activated the CBBFP feature. I have not had to re-do that test in a long time.
   Is there a way to re-activate that test to see if it is still passed successfully?
 * Anyways, I am going to revisit everything at CF (again) and see if I missed finding
   some setting that is not as it should be (including my DNS settings, though my
   DNS settings have not changed since before these problems started). I will also
   talk with my ISP and see if there is some permissions or other issue that might
   be affecting the CBBFP cookie being written. I welcome any other suggestions 
   you may have.
 * In the meantime, if you could please look in to why ipify is no longer working
   as it should. It would be good to fix that to rule it out as a part of the problem.
 * Thanks! Eventually we will figure this out.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/#post-17400989)
 * Hi again. Just an update for you — no progress unfortunately. I went so far as
   to deactivate every single other plugin except AIOS (on my staging website which
   does not use Cloudflare) and that made no difference. Both the live site and 
   the staging site show the same red IP detection failure error message (in Settings
   > Advanced). However on my staging website CBBFP continues to work as it should.
   But on the live site CBBFP works for a while after activation and then stops 
   and has to be deactivated via wp-config. (Reminder: the live site uses Cloudflare).
 * It’s so odd. Is there anything else I can do to help? I am out of ideas.
 * My thanks again for your help.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/#post-17396316)
 * Thank you so much for your help looking in to this. I am going to try some more
   troubleshooting over the weekend to see if maybe I missed something. One thing
   I can tell you is the problem is the same no matter what browser I use (Safari,
   Chrome, Firefox) and no matter what computer I am using. So that much I know.
   I have cleared all browser caches, the Cloudflare cache, and the website cache
   with no change. I have not yet spoken with my hosting provider to see if they
   may be playing a part (which seems unlikely to me).
 * I’m really hoping I’ve just overlooked something simple. My thanks again!
    -  This reply was modified 2 years, 4 months ago by [pcde](https://wordpress.org/support/users/pcde/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] IP Detection Error; Cookie Based Brute Force Lockout](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/)
 *  Thread Starter [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/ip-detection-error-cookie-based-brute-force-lockout/#post-17391965)
 * Yes, when I disable CBBFP via wp-config I can login again normally (I also use
   the AIOS Rename Login Page feature secret word).
 * What is interesting (or confusing) is, I also have a staging website that is 
   identical to my live website — same server, same code, same plugins, same everything,
   except the staging site does not use Cloudflare. CBBFP works normally there. 
   No issue at all. Even though the Settings > Advanced > IP Detection shows the
   same red IP address failure message as the live site. (On the staging site, some
   plugins are not activated during development, eg Autoptimize, but I have tried
   turning them on/off to see if they were affecting anything and apparently they
   are not.)
 * As for the Settings > Advanced > IP detection, the IP address that is listed 
   in the dropdown menu appears correct. Generally it is the IPv6 that is active,
   but sometimes it selects the IPv4. The only unusual thing (other than the red
   failure message) is that only the REMOTE ADDR and CF_CONNECTING_ options are 
   available. IIRC all the options were available before.
 * Regarding the Whitelist IP issue, I am not familiar with that. Is there anything
   I can check to see if that is the issue and correct it? My only experience with
   the IP Whitelist is about a year or more ago I activated the IP Whitelist feature
   to try it out and successfully locked myself out of the website. lol Thankfully
   you guided me in deactivating it, I turned it off, and it has never been an issue
   since.
 * One question: I have certain AS#’s blocked by Cloudflare. Is AIOS dependent on
   any particular AS# or IP’s having access to the origin server? Or does it need
   to access any certain php files that maybe I have blocked by accident?
 * I am at a loss. Any suggestions you have are appreciated. Will try anything. 
   This issue only started about a month ago, maybe two.
 * My thanks again.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[All-In-One Security (AIOS) – Security and Firewall] Change Cloudflare Turnstile Widget Theme](https://wordpress.org/support/topic/change-cloudflare-turnstile-widget-theme/)
 *  [pcde](https://wordpress.org/support/users/pcde/)
 * (@pcde)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/change-cloudflare-turnstile-widget-theme/#post-17223083)
 * Hello — I would just like to echo this request. Something like a dropdown to 
   select the light vs dark vs auto Turnstile theme would be amazing. Thank you!
 * (And thank you too for creating such an amazing plugin. Cheers.)
