david

I just installed 3.1.2. It *works!* Thank you, thank you. Much appreciated that you provide this great plugin.

A BIG thanks! I appreciate the prompt fix. Backupwordpress is my #1 plugin and I rely totally on it for doing restores. I’ve never had a problem.

For what it may be worth, I have the same problem on several sites, but one of my sites is still using the 3.0.4 version of the plugin and that is working properly, i.e., not deleting the .htaccess file. Thanks for your help in pursuing a fix.

I’ve had no problems since then, but I did add this text to .htaccess:

# Throw out requests to the usual login addresses
RewriteCond %{REQUEST_URI} .*(wp-login.php|/login|/admin)$
RewriteRule (.*) https://%{REMOTE_ADDR}/$ [R=401,L]

However, I’m not fluent in hatccess so I’m not able to explain it – and I don’t know if it helped or not. I just know I’ve had no problems.

david

Thanks for your response. I read the opinions there and withdraw my request. Quick-cache is superb at what it does. Any change that impacts on performance or has security exposure is a non-starter. I’ve seen other plugins expand to do additional services and every time the quality of the product suffers. Anyway, I appreciate that you listen. I’m also a big fan of Weaver II and Quick-cache is the only one that works flawlessly there.
david

Logging shows only the CF IP numbers unless mod_cloudflare is installed. This URL has some nice graphics on the issue:
https://support.cloudflare.com/hc/en-us/articles/200170916-Why-should-I-install-mod-cloudflare- Without mod_cloudflare, your first post is right; you only see the CF IPs.

At this point, I’ll close this thread. From my review, it does seem Wordfence supports my concern, but I would need to enter all CF IPs. Thanks for your feedback.
david

To Ovidiu,
When using a server with mod_cloudflare, the true IPs are visible. I have not used the Cloudflare plugin for this, as its intent seems to be to monitor the Cloudflare IP setup. Spammers aren’t my concern; it’s people trying to overload the server. I did see that Wordfence allows specified IPs to be ignored, but Cloudflare has many. That seems like the real solution.

First, thank you for all you do for us. WP-Edit is a great start at rebuilding what we often took for granted with Ultimate TinyMCE. I regret that you had to rebuild this from scratch, but I am impressed and thankful at the massive outpouring of support you have received. It is unfortunate that some people assume that authors of free software have a debt to keep their software working with each new release with no problems. We, as users, have an obligation to read documentation and to test. Free software is a gift, and free software such as WP-edit is a treasure. Thank you for your openness and for your dedication. You may never see our faces, but you bring smiles across the Internet. Thank you.

Exactly. Wordfence can block any invalid login attempt, but hiding the admin login page prevents those people from even finding the admin login URL. Lockdown-wp-admin is one such plugin. That stops hackers from trying to take over the site.

From my experience, blocking such IPs can be solving the wrong problem. Some hackers can generate new fake IPs every few seconds. I found the easiest solution was to install a plugin that hid the login screen and to set Wordfence to block all invalid logins. That totally eliminated login attempts on my sites, 100%. The Wordfence setting was precautionary, but in over a year not one hacker has gotten that far.

I have had great success with two:

1. lockdown-wp-admin is my preference if WordPress is in the root
2. rename-wp-login if WordPress is in subordinate folder.

I’ve been using these with WordPress for over a year and they work very well.

Comment: I’m glad they’re not in Wordfence; it’s a different function. Combining lots of functions into one plugin gets confusing. For example, I would have preferred to see Falcon as a separate plugin (but I accept that’s just my opinion; I really like Wordfence for what it does.)

Hi, Mark,
I’m still at 4.0.3. Version 5 was a big release and I generally hold back on updates since I maintain this site part time. The site was under a mass DDOS attack when I had posted (I should have mentioned that), BUT the good news is that your suggestion led me to see that Wordfence supports Cloudflare which I just set up a couple of days ago, so I set for Cloudflare. That was terrific to learn! Thanks for all you do.
david

It *does* have image captions. That’s why I selected it for my site.

Thank you. I just installed Mantra and your tip was priceless. I also noticed that if you set all four to null, i.e., “”, that the menu options then work, letting you set and reset where the social icons appear from within Mantra.

I had same problem, i..e., when domain prefixed with ‘www.’ the plugin was bypassed and https://www.domain.com/wp-login.php worked. The code posted above by James SOLVED the problem!!! I am a happy camper. Thanks much!

david