I’m using a plugin called Superfly Menu (https://superfly.looks-awesome.com/). When I try to edit the options in the admin area, I’m locked out by the firewall. This is what the email that I receive says:

– Page parameter failed firewall check. The offending parameter was “sf_display” with a value of “{“user”:{“everyone”:1,”loggedin”:0,”loggedout”:0},”desktop”:{“yes”:0,”no”:1},”mobile”:{“yes”:1,”no”:0},”rule”:{“include”:0,”exclude”:1},”location”:{“pages”:{},”cposts”:{},”cats”:{},”taxes”:{},”langs”:{},”wp_pages”:{},”ids”:[“”]}}”.
– Firewall Trigger: PHP Code.

I’ve tried whitelisting all of these things, and none of these has worked:
*, sf_display
options-general.php, sf_display
options-general.php, page
*, page
options-general.php, superfly-menu-options
*, superfly-menu-options

According to what I’ve read, it seems like the first or second line should have worked for this.

The only way I’m able to edit the options for the Superfly Menu page is by checking the box for the firewall to ignore administrators. Is there some other way I should be entering this parameter into the whitelist?

Thank you!

https://www.ads-software.com/plugins/wp-simple-firewall/

Somehow, it’s managed to load a login from my wordpress.com days – many years before this – and one I’ve never used to login here. I assume that’s a wp issue somehow.

But the firewall will not accept the login I use for this wordpress installation.

Currently I’ve had to rename the plugin so it’s “off” and I can login, but I don’t know how to change the firewall settings with it off.

I use cloudflare, which was set to development mode (or off) before I logged into my wp account, so it’s not likely related to that which is the only time I’ve had a login issue for this installation of wp.

https://www.ads-software.com/plugins/wp-simple-firewall/

https://www.ads-software.com/plugins/wp-simple-firewall/

I am wondering how this is possible if my login page is, in effect, invisible? Somehow Wordfence is registering 20 login attempts from someone even though the login page is hidden.

I would appreciate your thoughts on this.

https://www.ads-software.com/plugins/wordfence/

Since I have full access to my database, I’d be happy to just add this as a database entry rather than going through the user interface. I tried adding the entry as below:

ip: 192.168.0.0-192.168.255.255
label: No Label
list: MW
ip6: 0
range: 0
transgressions: 0
last_access_at: 0
created_at: (timestamp)
deleted_at: 0

This did not seem to whitelist correctly through (I noticed that GASP protection on comment forms was still enabled for clients in this range). What am I doing wrong?

https://www.ads-software.com/plugins/wp-simple-firewall/

WARNING: Result of table check for […]_icwp_wpsf_spambot_comments_filter is: 1 client is using or hasn’t closed the table properly
WARNING: Result of table check for […]_icwp_wpsf_audit_trail is: 1 client is using or hasn’t closed the table properly

This is on a multisite. The spambot_comments_filter warning is made for most sites, yet not all these sites use a comment form. The audit_trail warning is only for a few sites. Only one site has the audit_trail warning, but not the other one.

https://www.ads-software.com/plugins/wp-simple-firewall/

I never thought I’d move away from Wordfence, but I read a lot about Simple Firewall, liked the sound, your article on the misinformation virus makes a lot of sense and I wanted 2-factor authentication for all, but subscribers, so I gave your plugin a try.

There is a lot I like about the plugin, but on multisite it requires to authenticate for every site separately. That is a bit of a problem.
— 1. Is there a way to avoid this?

Also, when trying to login again through the main site instead “Firewall Trigger: Leading Schema” was triggered due to “offending parameter redirect_to”. The same happened when saving changes to a page. It’s stated to be prone to problems, but it would not have been clear without the audit trail viewer. Suggestion: Perhaps something like “When you get locked out, this should be the first to turn off” would be helpful to others.

Either way, it leads to a feature request.
— 2. The error message when getting locked out is not very helpful to members. It would be great to be able to change that and totally awesome if it would be possible to add some style to it too.

While I’m at it, one more question…

— 3. I noticed you are very familiar with Cloudflare. Cloudflare recommends to whitelist their IP’s. Is it indeed recommended to do so in the firewall?

Thank you for your help!

https://www.ads-software.com/plugins/wp-simple-firewall/

I encountered issues a few hours ago that locked me out of my blog and redirected me to blank pages.

I have only two plugins installed, and apparently the firewall (Simple Firewall) and Fastest Cache went into conflict as I also have another firewall (Wordfence) and Fastest Cache installed on another blog on the same servor and the blog was working perfectly fine.

As I couldn’t login at all nor visit my website anymore (I could only see the cache homepage but if I clicked on a link, I had a blank page), I decided to uninstall manually my two plugins, WP Fastest Cache and Simple Firewall, and my website went back to life.

I have deleted the plugin in the “wp-content/plugins” directory and I have cleaned the htacess and I would like to know if there are other files in the ftp or phpadmin that I should delete before installing the plugin again with another firewall that won’t see any change that happens in a plugin file as a dangerous threat without asking my opinion.

Sorry for my English.
Thank you for your attention
Have a nice day

https://www.ads-software.com/plugins/wp-fastest-cache/

https://www.ads-software.com/plugins/wp-simple-firewall/