Chris Wiegman

You have 1 of three errors on your site:
1.) You’ve locked out each of those IPs legitimately (probably due to too many missing assets resulting in 404 errors)
2.) You have set your cache so aggressively that you’re caching error messages
3.) Your server is misconfigured and is not passing the correct IP to the plugin

Each of these are something you will need to fix on your server

Christoffer that is not correct at all. Only the user or IP causing the lockout is locked out. All other users can still access the site.

gbell12 Just because you have tried to login doesn’t mean someone else hasn’t tried it with your username. This is in fact the reason for the feature.

Hi fgerneth,

I actually use this method myself in my own multi-sites without issue. Can I please ask you to make sure you’ve set both WP_CONTENT_URL and WP_CONTENT_DIR in your wp-config.php?

Thank you for the feedback and my sincerest apologies for the frustration.

@lomars, I pushed a fix for this in htaccess earlier today.

@greatkeelyone, the white list shouldn’t show up. The ban hosts list is a different story but @lomars already posted the work around.

For contacting me, I’m easy to find. Just google me.

I pushed a fix to this earlier today. It was how folks were installing that wasn’t accounted for in my tests. My apologies for the inconvenience.

@nadworks forbidden means you’ve tripped the permanent blacklist feature. It sounds like you might have a lot of 404 errors from missing images or other items. I would recommend turning off 404 detection until you can fix those and remember that if my plugin is seeing them so is Google and other search engines. In the meantime you’ll have to manually remove your ip from .htaccess. As for the whitelist part, if that still doesn’t work for you contact me directly and we’ll get to the bottom of it (it isn’t hard to find me, just google my name).

@cheryl-k sounds like someone else is trying to log into your site as you. You can clear it via iThemes Sync or log in as a second user name. When you do get in make sure to change your username. This is actually what the plugin should do. It sucks that you can’t get in but it makes sure whomever is trying your account can’t get in either. In the future if you have a permanent IP address you can add it to the whitelist and the username lockout won’t affect your computer.

The test is rather simple and just looks to see if your front page with https returns a valid HTTP code (if [it] thinks its working). If you know your site works on https you can ignore the warning.

Keep in mind that it has to work with your domain. That means it you have https://mysite.com then https://mysite.com must be your SSL address if you wish to use the front-end SSL features.

Fixed in 4.2.13.

Fixed in 4.2.13.

Fixed in 4.2.13.

Folks in other threads are reporting this as fixed. I’m going to mark this as resolved.

Thanks for the update! My apologies for the frustration

marosid 4.2.13 should fix it.

I’m monitoring this thread until I hear one way or another.

I’m pushing 4.2.13 as we speak. Melissa, I ain’t going to bed until I can squelch this. The odd thing is it doesn’t happen in any of our testing sites.

30 seconds till 13 is up.