5.2.2 confusion

Hi,

Sorry that the message is causing confusion.

In the past we have had users who setup some options in the plugin, but them options did not work as they may not have been on a server that supported .htaccess

But they had accidentally set them options up to block them selves

But as the options did not work they didn’t notice anything and assumed they were being protected.

When we then ported them rules to the PHP firewall and they suddenly started working, they then got locked out and didn’t know how to get back in.

So we started disabling the rules we updated, so that users could login, double check the settings wouldn’t suddenly lock them out and then turn the rules back on.

So to answer your questions you had some of them rules turned on, they have now been turned off.

You can view the rules in the Firewall section of the plugin.

The button on the notice will turn them back on for you.

Hopefully that clears it up for you, if not let me know and I can help.

Best Wishes,

Ashley

Your plugin still says “The firewall functionality is achieved via the insertion of special code into your currently active .htaccess file” and “The advanced firewall rules are applied via the insertion of special code to your currently active .htaccess file.”.

If you tell us that it’s now through php, but also tell us that it goes through htaccess when we enable the option, it’s normal that no-one understands what’s going on.

Hi,

Yes because some rules are still done via .htaccess

We are in the process of converting all the .htaccess rules that can be converted into PHP based rules.

We are also in the process of moving around a lot of the UI options and part of this will be reworking the firewall admin menu.

Both of these tasks we are doing in parts and slowly to try and avoid introducing any issues.

Sorry for the confusion caused.

Best Wishes,

Ashley

Hi All,

Thanks for the feedback and sorry this message wasn’t clear enough.

We are working to port all existing .htaccess rules that can be ported over to the PHP firewall.

We are also working on cleaning up the UI/UX.

Both these we have been doing in chunks with the aim to not introduce any problems.

The next release we will make sure the UI makes it clear what rules are in .htaccess and what ones are PHP based.

For those still confused on whats happened:

If you saw the notice it will have a list of the rules that have been converted from .htaccess to the PHP firewall and that have been disabled to avoid any unexpected lockouts

This means them rules will no longer be in your .htaccess file and that they are currently turned off

After you have verified that the rules are not going to cause you any problems, you can select the button on the notice that will turn them all back on.

@siriusmw the basic firewall still runs via .htaccess so that setting should have been unchanged.

The only settings that changed last release are:

completely block xmlrpc
bad query strings
block proxy comments
advanced character filter

So they are the only ones you need to turn back on (if you previously had them on, the notice will tell you what ones you did have).

If you still have any other questions just let me know.

Best Wishes,

Ashley