Login whitelist feature effects all logins, not just wp-admin

  • Resolved blueoaks

    (@blueoaks)


    3 years, 6 months ago

    I have found that the Brute Force: Login Whitelist feature of AIOWPS is the most effective method on my site to prevent attacks. However, when I enable it, it prevents anyone from entering passwords anywhere on the site – e.g. to view a password protected page – and not just /wp-admin

    The description of this feature says “The All In One WP Security Whitelist feature gives you the option of only allowing certain IP addresses or ranges to have access to your WordPress login page.

    But it appears it is not being limited to the wordpress login page.

    I don’t have a blog and so I can’t test it on blog subscriber logins, but I do have pages with a simple password, and when this feature is on and the password is entered correctly by someone who is not whitelisted for /wp-admin they are not able to view the protected page. They hit ‘enter’ and nothing happens. It should reveal the protected page content but it does not. When I disable this feature it works as expected. Please help. Shouldn’t this feature be limited to the admin login page only rather than site wide? How can I make it so? Thanks

Viewing 1 replies (of 1 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    For testing purposes, can you carry out a plugin/theme conflict test. Then carry out a test yourself. Let me know what happens.

    Thank you

Viewing 1 replies (of 1 total)
  • The topic ‘Login whitelist feature effects all logins, not just wp-admin’ is closed to new replies.