Hello,

I started using Cloudflare to further protect my site, and discovered a problem with your plugin.

The IP addresses setting in your plugin in the “Unrestricted IP addresses” section – doesn’t work correctly. Namely – even with “white” IP addresses added in the settings (from which I want to have access to the site) I can not get access to the front-end of the site. I can access the admin panel, but not the front-end. The standard message about site access restriction configured in your plugin appears.

I believe that this problem is directly related to the fact that Cloudflare DNS Proxy is active, as a result of which IP addresses configured in the plugin will not work anyway, because the site is behind the Cloudflare Proxy server.

Is there a solution to this problem?
How can this be fixed?
Is your plugin compatible with a configuration that includes an active Cloudflare DNS Proxy?

I will be grateful for the answer and help.
Thank you!

PHP 7.4.33
Apache
WordPress 6.5.5

Thank you for your Plug in.

I have a problem if I enable “Restricted Site Access” I can no longer log in via a JWT token with POST request. I believe this action is also restricted.

I am using the plugin “Simple JWT Login” to manage cross-platform logins.

Hope there is a solution.

Hi,
on the site in question we have installed the plugin which works great.
However, we have an exception to make because on the login page there is a “Contact us” (Contattaci) button which opens a panel with a contact form created with CF7 which however cannot be sent (there are errors in the console).
The same contact form is present on a page within the site when logged in and it works wonderfully.
Is it possible to make this work on the login page too? Thanks

We were able to logged in! It looks like the IP restrictions area working though. When using an incognito browser window from cellular service, its letting me go right into the site content.
Is there any issue using incognito browser ?

Hi there. there seems so be a redirect issue when using your plugin on a Multisite network. Some users get redirected to a splash screen with all sites they are connected to and not the WP login screen as applied in the settings. We manage to fix it by adding a function to log the user out and force login again to reset the permissions. Not sure if this will be a good fix since an update will remove that code again. Can you please let me know what can cause this? Thank so much.

I don’t know what has happened, Please Help. I have used the Restricted Access plugin forever and it has always worked even with (Autoptimize & Super Page Cache for Cloudflare). I just updated your plugin and now see “Page caching appears to be enabled. Restricted Site Access may not work as expected.”? I was going to test a new plugin (Seraphinite Accelerator) on my site and when I installed it this pop up came up saying “Page caching appears to be enabled. Restricted Site Access may not work as expected.”, so I quickly uninstalled it. I have tried to get the Restricted Access to start working again and it will not work. How can I get it to start working again ?

It would be super if the Dev’s would address this vulnerability.

https://patchstack.com/database/vulnerability/restricted-site-access/wordpress-restricted-site-access-plugin-7-4-1-ip-restriction-bypass-vulnerability?_a_id=431

Sorry i cant link the actual site because its an intranet and right now it is not restricted.

I used to login with Google and it respected this plugin visibility settings. Now i switched to wpo365 and it somehow removed the visibility settings from WordPress, even after i uninstalled it!

Right now when i set my site to restricted by IP/loggedin and hit save, the wp page just shows the 3 options unchecked and what i set in “Restrict site access to visitors who are logged in or allowed by IP address” is gone!

How do i get it to work again? I removed the w365 plugin entirely and messaged the author too.

Hi,

Would you advise going into maintenance mode before updating RSA? In other words, should I update with RSA activated or deactivated? Is one method preferred, or are both equally safe?

Thanks!

Mike

Hi, when I activate Site Restricted plugin, the pdf self hosted file and videos started displaying error. When I deactivate this plugin everything start working normally.

Do you have any solution?

https://mocksurl.com/mockup/41435/83-screenshot_2023_10_31_at_23_37_54_dental_insurance_key_terms_____knowledge_base.png

I installed plugin corretly and now site redirect to login page if access is made from a different IP. However, the media can also be accessed from external IPs. How can it be blocked?

Hello…. Is there a way to redirect to a specific page or at the main page after login?

Thanks!

Hello,
we want to grant access to an external organization.
They have provided the following IP addresses:

87.190.1.160/27:

87.190.1.161
87.190.1.162 
87.190.1.163 
87.190.1.164
87.190.1.165
87.190.1.166
87.190.1.167
87.190.1.168
87.190.1.169
87.190.1.170 
87.190.1.171 
87.190.1.172
87.190.1.173 
87.190.1.174 
87.190.1.175 
87.190.1.176 
87.190.1.177 
87.190.1.178 
87.190.1.179 
87.190.1.180 
87.190.1.181 
87.190.1.182
87.190.1.183 
87.190.1.184 
87.190.1.185
87.190.1.186
87.190.1.187
87.190.1.188
87.190.1.189
87.190.1.190 
87.190.1.191 

Do they all need to be added manually or can we somehow group the IP addresses so that we do only have to add 1 or 2 lines in the input field in the plugin?
Thank you very much.

All of a sudden, I am not able to save within the reading tab. We restrict all but allow access to some IP’s. As of last week, I am not able to save more IPs. Is there a limit? there are only about 50. We are able to remove but when we try to add, it seems to lock up the page and greys out the submit button.

We tried deactivating all plugins and also rolled back wp to 6.2. nothing has worked. No recent changes have been made to the site or plugins. Appreciate any help.

Youre Plugin Code is not copartable with wordpress Vip Code. They Give me error please solve this issue “Due to server-side caching, server-side based client related logic might not work. We recommend implementing client side logic in JavaScript instead”

File Pathe : plugins/restricted-site-access/restricted_site_access.php
Line No:- 616, Case 2 ,
SS: https://prnt.sc/HuF3HMMcs4-U

We have fix this issue on line Line No.472 To Add javascript But I’m Not able Fix this in Line 616 SS: https://prnt.sc/kKeSmktMv1mU

Compile Time Error: https://prnt.sc/H_aTJ2VQibWA

Good morning. I administer a multi-site.

location01 = IP access on my office and user01 has access
location02 = IP access at home and user01 and user02 has access
location03 = IP access at home (but user01 and user02 don’t have access)

When I am at home and are logging in with user02 I cannot see location03.
Is this normal behavior? So logging-in restrictions go above IP restrictions?

• This topic was modified 1 year, 5 months ago by Damiaan van Vliet.

Suddenly the Unrestricted IP addresses list stopped working and prompts for users to login.

Any help troubleshooting would be greatly appreciated. There have been no changes to the site that I am aware of other than the external IP of the site itself.

Hi! I want to make my website visible for logged-in users only. But this only seems to work half of the time – regularly, the login screen is being skipped and the page appears to be publicly accessible. I suspect that WPengine’s built-in caching solution is interfering, and your plugin has a helpful notification that points me in that direction. I can’t deactivate their caching solution, and WPengine is a well-known managed hosting solution, who even advertise the plugin on their website (https://wpengine.com/solution-center/restricted-site-access/) – I have chatted with their support team and it is now a support ticket they are hopefully looking at, but I haven’t had much success. I can imagine there might be more people who have had this specific issue, or perhaps the plugin author might be able to offer helpful advice. Thanks!

Our public IP address which has been whitelisted under settings is still showing the restricted access message.

Hi,

I want to exclude the login page from restricted access but there are also pages to be excluded that is part of the login page URL. Is there a way to exclude the /login/ page and every other sub URL or URL Query Parameters using /login/?

I also use an ‘One Time Password’ plugin where the URL has Query Parameters. For example: /login/otp/?uid=x&_wpnonce=xxxxxxxxx.

Regards.

Hi there!

Before you create your own thread on these forums, please note that the Restricted Site Access plugin is marked as Stable support:

10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns. We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes. We otherwise intend to keep this tested up to the most recent version of WordPress.

Given the above support note, we do not intend to be regularly active on these support forums and will instead keep a closer eye on bugs or security reports within the GitHub repository. Even with the Restricted Site Access plugin being under Stable support, there are several ways in you can find the answers to your questions:

• Search the support forums.
  You best option will likely be to search these forums first. Its possible that most general questions have already been asked and answered within these forums. This means that a proper forum search can help you answer a lot of questions. So fire up your search skills and see if you can get your questions answered here! And if you see a question you can answer, please be part of our community and help others out! It’s much appreciated!
• Found a bug? Use GitHub.
  If you’ve discovered a bug in our software, the best place to report it is on GitHub. This is where our team is most active. We will review your bug report and triage the bug. The more relevant details you add to your report, the faster bugs are usually solved. You can find the Restricted Site Access repo on GitHub here, but remember to search first on GitHub too to see if there’s an existing (open or closed) issue that might already provide you with an answer to your question!

Thanks,
Team 10up.

Installed RSA does my SOE need IP’s added to my non restricted.

When I am logged off my WordPress site everything is navigable. Had the impression the login page should show instead of the pages.

I have added my ip address for no restriction would this be the reason?

Should I remove my ip address

Plugin is set to “Restrict site access to visitors who are logged in or allowed by IP address”. We have about 50 IP addresses that are whitelisted to access the site. Some people are getting Access Restricted notices when they navigate to a new page but they should be able to see the whole site from their IP address. No other restriction rules have been set other than the above mentioned.

Hi there!

Does anyone knows how to fix the cookie error in Google Chrome? Is something with this plugin, because when I deactivate it the login page is working normal.

With the plugin active, I can not log in to my website. The website is giving me this error:

“Cookies are blocked or not supported by your browser and you must enable cookies to use WordPress”.

I made all the enabling from the browser, but the problem still persists.

Any help would be highly appreciated.

Thanks in advance.

Hey there,

first of all, thanks for the plugin. It works very well and i like the easy way, to restrict the access off the Website.

The server, the website is running on is standing in my home-network, and i want, that users, which have the same public ip adress like the server can access the website without any login. In the context, all user, which are using the internet at home.

I created following code in the wp-config. php:

// Rufe den checkip.dyndns.org-Dienst auf und speichere die Rückgabewerte in einer Variablen
$ip_address = file_get_contents('https://checkip.dyndns.org');

// Entferne alle nicht-numerischen Zeichen aus den Rückgabewerten, um nur die IP-Adresse zu erhalten
$ip_address = preg_replace('/[^0-9.]/', '', $ip_address);

// Speichere die IP-Adresse in einer Variablen
$server_ip = $ip_address;

// ?ffnet das Dokument mit schreiben
$file = fopen("ipneu.txt", "w");

// Schreibt die IP-Adresse in das Dokument 
fwrite($file, $server_ip . "\n");

fclose($file);

// Fügt die IP-Adresse zu den "erlaubten" hinzu. 
Restricted_Site_Access::add_ips( array( 'five' => $server_ip) );

When i run this code, i get a http 500 failure. When i comment out the “Restricted_Site_Access” my code works fine and the ip-adress is written into the document. But i have to login, also when i use the same public IP-Adress. Logical. I write the ip to the document, that i can check, that my code works well. When everything will work, i will remove this part of the code.

Sorry if there are stupid errors, I’m just starting to deal with php.

Can you help me out with that?

Thanks!

Greetings,

Luca

Using Version 7.3.4, and for some reason today, our ability to send restricted users “to the WordPress login screen” is no longer working and our client’s website is wide open to the public.

The only thing we did recently is our client added Cloudflare prior to hitting our servers. Would this have an effect on this behavior?

Warning: require_once(vendor/autoload.php): failed to open stream: No such file or directory in /var/www/html/wordpress/wp-content/plugins/restricted-site-access/restricted_site_access.php on line 16
Fatal error: require_once(): Failed opening required ‘vendor/autoload.php’ (include_path=’.:/usr/share/pear:/usr/share/php’) in /var/www/html/wordpress/wp-content/plugins/restricted-site-access/restricted_site_access.php on line 16
[root@ip-13

We use a combination of Restricted Site Access and an external authentication system. When a user requested access to a specific page, with v7.2.0 the user was sent to the external authentication system and was then redirected to the page they requested. With v7.3.2 the redirection no longer works – after authenticating on the external system, the user is sent to the home page. Any suggestions for settings to get redirection working again would be gratefully received. Thanks.

Hi,

This isn’t really support so much as help with expanding on existing information collected by the plugin. It is working great!

So I enter an allowed IP address or range plus a name to help identify the entry. Is there a way I could display a message in my template like “Welcome (entry identity value)” if the visitor falls within the correct range?

Users for the site do not log in, they are either in the list or not. Just thought it would be a cool thing to add some personalization.

Thank you,

Jason