Jili gaming ph.REGISTER NOW GET FREE 888 PESOS REWARDS!

danbrady
(@danbrady)

12 years ago

We have Better WP Security running on a multi site with Login Security Solution.

Both are installed and activated at the network level.

I have disabled ‘Enable Login Attempts’ and deselected ‘Blacklist Repeat Offender’ but the plugin is still blacklisting IP addresses. More than that, it is blacklisting regular users who are simply accessing the home page from an internal page.

This seems to happen only in IE8. It occurred on https://www.danbrady.co.uk and again when tested in browserstack using IE8 windows – go to an internal page then click on ‘Home’ – it brings back a most unhelpful “error” page which I think is the 418 teapot error. The email notification I get from this event states the IP has been locked out “due to too many attempts to open a file that does not exist.”

Login Security Solution suggests that some features need to be disabled in BWPS for them to ‘play nicely’ together:

Better WP Security: Their “Enable Login Limits” and “Enable strong password enforcement” functionality conflict with our features. The good news is we provide more robust protection in those areas and the Better WP Security “Settings” page lets you disable those features in their plugin.

I have disabled the login limit as described above so how is this occurring?

Can you please be specific about which settings should be disabled?

FYI we have APC caching on the server

https://www.ads-software.com/extend/plugins/better-wp-security/

Viewing 7 replies - 1 through 7 (of 7 total)

Thread Starter danbrady
(@danbrady)

12 years ago

Also, I have ‘Enable strong password enforcement’ deselected as recommended by Login Security Solution

Thread Starter danbrady
(@danbrady)

12 years ago

I’ve disabled Login Security Solution and the problem is still occurring, so perhaps it isn’t a conflict after all.

Something in Better WP Security doesn’t like our multi site (or vice versa).

Could this be to do with the APC caching we have installed?

Thread Starter danbrady
(@danbrady)

12 years ago

Disabling Better WP Security brings the site back…

Handoko
(@handoko-zhang)

12 years ago

Hello danbrady.

I think your problem is not because of the Enable Login Attempts.

It sounds you should disable 404 Detection. Goto menu > Security > Intrution Detection > don’t Enable 404 Detection.

Why this problem happened? Many possiblities. Improper caching settings or compatibility of both the plugins could cause this issue too.

If you want to know more about this 404 errors, you may read my last post in this thread:
https://www.ads-software.com/support/topic/plugin-better-wp-security-better-wp-blocking-googlebot

Thread Starter danbrady
(@danbrady)

12 years ago

Yes, it was 404s. The home page had about 8 x 404s –?inc 4 to theme files eg jquery.

Thanks for your help

I wonder if BWPS can be fine-tuned, so it only triggers on 404s to certain types of file?

Handoko
(@handoko-zhang)

12 years ago

Many users have problem with 404 errors, I did too. It would be great if we can whitelist certain 404 errors.

Unfortunately, there is no such feature in this plugin for whitelisting or fine-tuning.

AITpro
(@aitpro)

12 years ago

https://stackoverflow.com/questions/9186031/htaccess-errordocument-404-conflict-with-rewriteengine-on

https://stackoverflow.com/questions/8766539/htaccess-to-redirect-to-404-not-found-message-on-unauthorized-folder-access

https://serverfault.com/questions/293792/apache-mod-rewrite-to-return-a-404-except-one-directory

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Blacklisting regular users on regaulr page visits’ is closed to new replies.