Whitelist Feature Blocking Log In

Hi, is your IP address static or dynamic? Did your host update your server by any chance? Did you update any plugins or theme before this issue began? Did you enter the wrong login credentials by any chance more than once?

Regards

My IP address is dynamic, but it hasn’t changed. Just to be sure, I re-entered the IP address (clipped-and-pasted “Your Current IP Address” as shown by WP Security).

I don’t know if my host updated the server; I will need to contact GoDaddy to find out.

My themes have not been updated recently.

I de-activated all other plug-ins and tested, but that did not help.

No bad log-in attempts.

De-activating All in One WP Security (or just unchecking “Enable IP Whitelisting”) fixes the problem, but of course I lose the protection I enjoy when my site can only be logged in to from my IP address.

Hi, sorry but I just want to confirm. You said your IP address is dynamic that means that it changes every so often. Did you mean to say that your IP address is static?

Let me know what your host has to say about this issue.

Regards

It is dynamic, but it has not changed over the six months or so since I started using the Whitelist feature in AIO WP Security.

I spoke with GoDaddy, and they think the problem is the WP Security plug-in, and concerns the .htaccess file. They also noticed that the .htaccess file was unusually large; I don’t know what would have brought that about, as I don’t modify it directly myself. By the way, here are my other plug-ins:

Contact Form 7
PDF Embedder Premium
UpdraftPlus – Backup/Restore
Visitors Traffic Real Time Statistics
Yoast SEO

Hi, the .htacces file will increase in size because of the features you enable in All In One WP Security….plugin.

Can you disable and delete the All In One WP Security plugin. Then install a fresh copy. Carry out a test and report back.

Thank you

• This reply was modified 7 years, 2 months ago by mbrsolution.

I deactivated the WP Security plug-in, then deleted it altogether. I also flushed the cache.

I reinstalled the WP Security plug-in, and, before changing any other default, checked whitelist for my IP address. Unfortunately, that locked me out of my WordPress log-in page as before (502 Bad Gateway), so the problem remains.

Hi, try the following reset plugin. This should reset all your settings. This will allow you to start again. Perhaps this might fix your IP address issue. However if it does fixes your current issue and it happens again then I suspect it has something to do with your host server configuration.

Regards

• This reply was modified 7 years, 2 months ago by mbrsolution.

The reset plugin did not fix the problem, but thank you for trying, I appreciate your help and suggestion.

Hi, I have submitted a message to the developers to investigate further your issue.

Regards

Hi @redglare,
The following is the key statement:

My login whitelist suddenly stopped working

I think the answer to your issue lies in figuring out what changed on your system from when the white list feature used to work correctly to when it suddenly stopped working.
For example, did you update any plugins recently, was there any change to your server etc?

The reset plugin did not fix the problem

Can you please explain further? Do you mean that when you turned off all features of the aiowps plugin (including the white list feature), that you still see the issue?
Have you tried disabling only the white-list feature but leaving the aiowps plugin active? If so what do you see?
Have you tried doing various tests such as disabling/enabling the firewall features of the aiowps plugin to see if the problem goes away and appears for certain settings?

Hello wpsolutions,

I mean I installed the reset plugin, and used it per Step 5 of the link provided by mbrsolution, “to reset all the configuration of the main security plugin. So you can start fresh with that plugin again.”

Specifically, I first deactivated the AIO WP Security plugin. Then I deleted the AIO Security Plugin. Then I ran the reset plugin, which indicated successful reset and, presumably, a fresh start.

Then I installed and activated the AIO WP Security plugin, after which my login still worked just fine. Then I went straight to the Brute Force/Login Whitelist (where it shows “Your Current IP Address”); I pasted that IP address in to the “Enter Whitelisted IP Addresses” field, checked the box to enable, and clicked “Save Settings.”

It seems the only AIO WP Security feature that prevents me from logging in is “Enable IP Whitelisting.” In other words, if I disable only the white-list feature, there is no problem–my WordPress login page loads as usual, and I can log in as usual. It really seems to be just that option, when checked, that produces the “502 Bad Gateway” screen.

The problem may be fixed now.

One thing I tried along the way was restoring an earlier backup using my UpdraftPlus plugin. However, the attempt failed because UpdraftPlus said “Delete:
my-plugins-old-old-old: Failed.” “Old directory removal failed for some reason. You may want to do this manually.”

But I was unable to delete “my-plugins-old-old-old” through SFTP because the file was locked by GoDaddy. I called them again, and was finally able to convince them to delete the file for me.

Unfortunately this did not fix the AIO WP Security whitelist problem as I had hoped, but it did fix the UpdraftPlus plugin problem, which allowed me to make and restore a new backup…

And when I restored the backup I had just made–the whitelist problem in AIO WP Security was fixed! Just to be clear, I merely ran a full restore of the existing setup, not a backup from an earlier time.

The final test (other than the test of time) should take tomorrow, when I will have access to a computer that does not share my IP Address. Then I will be able to confirm that the IP whitelist feature is in fact enabled.

Still not fixed, as it turns out, as I was able to load the log-in screen from another address. I unchecked and saved the whitelist feature, then checked and saved it, which reengaged the feature. And the 502 Bad Gateway screen was back again at login. Too bad.

I now have the whitelist feature working, and have verified same by attempting to log in from other IP addresses. All I did was go to “Basic Firewall Rules” and enabled “Completely Block Access To XMLRPC.” Then the whitelist feature worked.

Afterward, I went back and unchecked “Completely Block Access To XMLRPC,” and the whitelist feature still works. So, for some reason, simply enabling that feature fixed the problem, and it stayed fixed even after then disabling the “Completely Block Access To XMLRPC.”

Again, I have verified the whitelist feature is actually working, as I could not access my log-in screen from two other IP addresses I tested. I appreciate your trying to help me with this, and thankfully the problem is now solved.