• Resolved MiKa

    (@photoweblog)


    Hello,

    when I log in with /wp-admin and go to WP-Cerber settings and to Main setting to activate:

    [x] Immediately block IP after any request to wp-login.php

    As soon as I log out I get:

    You have reached the login attempts limit. Please try again in 180 minutes.

    You are now logged out.

    I cannot log in at /wp-admin anymore.

    I could reproduce it by removing the lockout of my IP and doing it again.

    Br, Photoweblog

    https://www.ads-software.com/plugins/wp-cerber/

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author gioni

    (@gioni)

    Hi!
    Did you set any Custom login URL? I mean, do you have a particular page or URL that allows you to log in to the site?

    Thread Starter MiKa

    (@photoweblog)

    No – all is standard. I have exported the settings (except the one with wp-login.php):

    {
      "cerber_version": "1.8",
      "home": "http:\/\/www.Myhomepage.com",
      "date": "21 Nov 2015 10:12:05",
      "options": {
        "attempts": 3,
        "period": 60,
        "lockout": 180,
        "agperiod": 24,
        "aglocks": 2,
        "aglast": 12,
        "notify": "1",
        "above": "5",
        "nonusers": "1",
        "noredirect": "1",
        "loginpath": "",
        "cilimit": 200,
        "ciperiod": 30,
        "ciduration": 60,
        "ciwhite": "1",
        "cinotify": "1",
        "keeplog": "30"
      }
    }

    Plugin Author gioni

    (@gioni)

    Your Custom login URL is empty. Just set something in this field and everything will be fine. Remember or write down your new login URL.

    Thread Starter MiKa

    (@photoweblog)

    Hello,

    thanks for the fast answer and sorry for continuing to ask …

    We have got a second page which is running as multisite and we did not run into this trouble there. There is no custom URL but the setting with wp-login.php is active and all is fine:

    {
      "cerber_version": "1.8",
      "home": "http:\/\/MyMultisite.com",
      "date": "21 Nov 2015 10:24:09",
      "options": {
        "attempts": 3,
        "period": 60,
        "lockout": 60,
        "agperiod": 24,
        "aglocks": 2,
        "aglast": 12,
        "above": "30",
        "nonusers": "1",
        "wplogin": "1",
        "noredirect": "1",
        "loginpath": "",
        "cilimit": 200,
        "ciperiod": 30,
        "ciduration": 60,
        "ciwhite": "1",
        "cinotify": "1",
        "keeplog": "7"
      }
    }

    Plugin Author gioni

    (@gioni)

    If you checked

    Immediately block IP after any request to wp-login.php

    you can’t use wp-login.php anymore. You need to have some login form. How will you sign in to the site?

    Thread Starter MiKa

    (@photoweblog)

    Now also the multisite locked my IP when I activated “Immediately block IP after any request to wp-login.php” and requested /wp-admin.
    I have no idea why it worked this morning … anyway, it makes sense this way.

    Maybe it makes sense to add this line to the “custom login page” paragraph and also add a check that “Custom Login Url” is set, because most time you have to add a URL if you want to forbid requests to wp-login.php.

    Plugin Author gioni

    (@gioni)

    Sorry, I don’t follow you. What line do you mean?
    There are a lot of plugins and themes that allow you to create a login form and/or a particular page to use with that form. That’s why there is no reason to pair these fields.

    Thread Starter MiKa

    (@photoweblog)

    That’s the reason why I wrote “most time”.

    A security plugin is a very critical plugin and users will be disappointed if they fail and lock themselves out. As a user I also expect some security in the main settings. Means: Whatever I do, I will not lock myself out by mistake.
    If I want an interaction with other plugins or themes, I expect these settings in an “advanced” tab.

    Usability is often connected with a point of view, and freedom and flexibility are quite often in conflict with security.

    It’s just a feedback – I still like your plugin!

    Plugin Author gioni

    (@gioni)

    I hope you will be happy with Cerber! Thanks for your feedback.

    P.S. I got you. But I thought that it is so obvious that if someone disabled wp-login.php and doesn’t set any Custom login URL, they can’t log in to the site without extra plugins/themes. I understand that people love a “one button” solution like ‘Click on me to get protected’. But this is a security plugin. Users need to understand the consequences of their actions.
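
The check discussed in this thread can be run against a settings export before it is imported. This is an added example, not code from the plugin or from either poster; it assumes that `wplogin` is the "Immediately block IP after any request to wp-login.php" checkbox, `loginpath` is the Custom login URL and `lockout` is in minutes, as the two exports above suggest.

```python
import json

# Assumed key meanings, inferred from the two exports posted in this thread:
#   "wplogin"   = "Immediately block IP after any request to wp-login.php"
#   "loginpath" = Custom login URL
#   "lockout"   = lockout duration in minutes
TYPOGRAPHIC_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2033": '"'})

# Constructed samples, trimmed from the exports in the thread.
SAMPLE_SINGLE = '{"cerber_version":"1.8","options":{"lockout":180,"loginpath":""}}'
SAMPLE_MULTISITE = ('{"cerber_version":"1.8",'
                    '"options":{"lockout":60,"wplogin":"1","loginpath":""}}')


def load_export(text):
    """Parse a settings export, tolerating the typographic quotes that
    forum software or a word processor substitutes for plain ones."""
    return json.loads(text.translate(TYPOGRAPHIC_QUOTES))


def enabled(value):
    """Checkboxes are exported as "1"; a missing key means unchecked."""
    return str(value or "").strip() not in ("", "0")


def audit(export):
    """Return warnings for option combinations that lock the admin out."""
    opts = export.get("options", {})
    warnings = []
    login_path = str(opts.get("loginpath") or "").strip()
    if enabled(opts.get("wplogin")) and not login_path:
        warnings.append(
            "wplogin is on but loginpath is empty: any request to wp-login.php "
            f"blocks the IP for {opts.get('lockout', '?')} minutes, and no "
            "Custom login URL is configured as an alternative"
        )
    return warnings


if __name__ == "__main__":
    for name, raw in (("single", SAMPLE_SINGLE), ("multisite", SAMPLE_MULTISITE)):
        for warning in audit(load_export(raw)) or ["no self-lockout risk found"]:
            print(f"{name}: {warning}")
```

A site that serves its login form through another plugin or theme will still trigger the warning, so treat it as a prompt to confirm a working login path exists rather than as a hard failure.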

  • The topic ‘"Immediately block IP after any request to wp-login.php" locks me’ is closed to new replies.