Ver 8 Is hell bad

Hi AnkitSharmaTV,

It could be the IP is automatically added to the temporarily authorized hosts list…
I’m pretty sure lockouts work as expected.

Oh almost forgot, it looks (to me) like you gave a 5 star review.
Give the plugin a second chance and if it still doesn’t work change the review to 1 star ??

+++++ To prevent any confusion, I’m not iThemes +++++

LOL, I wanted to give 1 Star but somehow it took 5 starts.
I never did anything with the IP address but somehow after this new version, the plugin is useless. It’s not even blocking the “admin” username login attempts, even when my option of Brute force attack is ON for blocking “admin” username attempts.

Ok, this is the test I just did.

Using a browser extension named X-Forwarded-For Header in the latest Firefox browser I spoofed my IP. This way I’m sure my current random (and spoofed) IP is not in the temporarily authorized hosts list (I haven’t ever successfully logged in as an administrator using this IP).

Then I performed a failing login attempt while using the “admin” username and my (spoofed) IP was immediately (temporarily) locked out (if I repeat this 2 more times the IP gets permanently banned).

Note the setting that needs to be enabled in order for this to work properly can be found in Security > Settings > Lockouts > Local Brute Force -> Automatically ban “admin” user

Notice it currently uses the word “ban” which IMHO is incorrect. It should say: Automatically lockout “admin” user
because that is what it does.

Everywhere else the plugin functionality distinguishes between (temporarily) lockout and (permanently) ban, but for unknown reasons it uses the wrong term in this setting.

Anyway it works, 100% ??