Firewall locked me out of my site

Okay, with “forceOff” and you’re still getting that error page, something, somewhere is cached. ForceOff will ensure that it will absolutely not run the sub-feature processors – it’s just like turning off all the features.

Regarding caches, even turning off your caching plugin may not resolve this problem for 2 reasons, depending on the plugin – 1) they don’t clean out their settings and .htaccess modifications, or 2) the browser has the expire data cached and wont look for any changes.

Sorry for the trouble. I’ll be be releasing an update to this shortly with many more improvements to the whole system.

The sooner you get rid of the forceOff file, the better, since the plugin protection isn’t running. Ensure the IP Manager feature is off, make sure and flush your caching system fully, and delete the forceOff file. You should be fine.

Just to let anyone know who is subscribed to this thread… v4.10.2 has just been released and it fixes a few little bugs with the black list, as well as providing a more robust UI for managing it.

There is also a white list UI and if you’re using the original white list system, you should migrate over your IPs – the plugin will do its best to migrate most of them for you, but ranges will have to be manually migrated, and the plugin now support a more standard CIDR range format.

More details on CIDR and converting ranges:
https://www.ipaddressguide.com/cidr

All heck seems to be breaking loose now. After another customer couldn’t log in (plugin was updated, IP Manager turned off), I used the “forceOff” file to disable the plugin. They informed me that they were still seeing the message.

I checked my site in a new browser and started to get the message myself: “You have been black listed by the WordPress Simple Firewall plugin. You tripped the security plugin defenses a total of 5 times making you a suspect. If you believe this to be in error, please contact the site owner.”

So now for the crazy: I have completely disabled the plugin, removed all the “icwp_wpsf” tables from my database, removed all the “icwp_wpsf” rows in wp_options, cleaned caches both from my site and on my browser, checked my htaccess to see if there are blacklisted IPs written there, etc. The message persists!

A restart of my machine finally cleared the blacklist message in Safari.

It’s impossible that the site could continue to display that message without caching being involved. Unfortunately there’s nothing I can do to assist with that aspect of the sites, sorry. I’m glad you got it sorted in the end.