Password protection alert

  • Resolved des2019

    (@des2019)


    10 months, 2 weeks ago

    I’m trying out the free version on a couple of sites (I’m not at liberty to post the URLs). One of the sites is putting up the Password protect alert. Both sites use the same web hosting company. No issues with SSL on either site. I’ve tried every possible solution I’ve read on this forum; nothing works. Now I would like to try something else, but need to know:

    1. Does your plugin depend on XML-RPC, and
    2. What is your IP range (I want to try whitelisting it).
Viewing 7 replies - 1 through 7 (of 7 total)

  • Hello,

    The plugin runs the scan from your hosting servers, so no need to whitelist any of our IPs. But if the server is not configured to resolve its domain back to itself (loopback) you will see the the password/cannot connect warning. The plugin does not require XML-RPC.

    Thread Starter des2019

    (@des2019)

    Thank you for your prompt reply. The reason I asked about whitelisting your IPs is because the only difference between the two sites is that the one that puts up that warning is using the premium version of Wordfence with the Country Blocking featured turned on.

    Back to the drawing board.

    Plugin Contributor Amber Hinds

    (@alh0319)

    @des2019 if you turn off the country blocking in Wordfence (temporarily) are you able scan? Or do you have a staging site where you can deactivate WordFence to see if that fixes the problem or rule out a conflict with WordFence?

    Thread Starter des2019

    (@des2019)

    Turning off country blocking did not solve the problem. I may use this on sites that it works on, and go with a different accessibility checker for all other sites.

    By the way, Wordfence is showing 1 vulnerability in your plugin:

    Missing Authorization

    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Plugin Contributor Amber Hinds

    (@alh0319)

    @Des21019 are you running an outdated version of the plugin? The vulnerability in the plugin that WordFence has flagged is from March 2022 and came from a third-party library (Freemius), which was removed completely from the plugin. If you’re seeing that vulnerability please check that you’re using the current plugin.

    Thread Starter des2019

    (@des2019)

    Thank you for the clarification.

    You can mark this thread as closed.

    Plugin Author Steve Jones

    (@stevejonesdev)

    Thanks, marking completed. ??

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Password protection alert’ is closed to new replies.