Ok, I got in without this IP in whitelist and without using the phony URL. So this new section in .htaccess isn’t effective. It locks me out on Windows laptop but lets me in on iPad.
AIOWPS_ENABLE_BRUTE_FORCE_PREVENTION_START
RewriteEngine On
RewriteCond %{REQUEST_URI} (wp-admin|wp-login)
RewriteCond %{HTTP_COOKIE} [NC]
RewriteCond %{HTTP_COOKIE} !aiowps_cookie_test= [NC]
RewriteRule .* https://127.0.0.1 [L]
#AIOWPS_ENABLE_BRUTE_FORCE_PREVENTION_END
I just checked every link in WP Security in my sidebar and can’t find the way I hid the URL or set the passphrase. I didn’t brute force my way in. I was in, did some stuff, decided to test the new URL but went the null route.
Something isn’t Kosher.
