jamiewilson

Looks like this bug has existed for about a year now without a fix. Has this plugin been abandoned?

That’s the first time I’ve heard of that kind of problem. The processing is fairly minimal. Do you have a lot of IP addresses in your white/black lists? Any chance your redirect is putting you into an endless reload loop?

Not immediately, but probably at some point in the future. The IPv4 filtering is basically a substring search for matches. IPv6 adds a whole new level of complexity and it’s something I want to make sure I do correctly if implemented.

Can you confirm whether or not you’re still having problems with the plugin?

I’m looking into this. My initial tests aren’t showing any problems with redirects. Make sure you’re not logged in and/or you haven’t whitelisted the IP address you’re using to test.

Yes. Just add one per line, or you can use wildcards and number ranges.

Some examples:

192.168.1.1
192.168.1.*
192.168.[1-10].*

The plugin doesn’t guard wp-admin for this very reason. It also has an option to auto-whitelist the IP address of the admin (based on the admin who last saved the config settings).

If you are looking to secure the login, I’d recommend these two plugins: “Google Authenticator” and “Limit Login Attempts.”

Let me know if you have any more questions.

That’s actually a situation I hadn’t anticipated. You’re coming at access permissions from the opposite approach of most WordPress sites–“deny all but allow these” instead of “allow all but deny these.” Right now, Gatekeeper’s black list prioritizes the black list (presuming anything on that list is ultimately bad and overriding the white list if an IP matches both) and blocks those IP addresses.

Your approach is intriguing and I can see it being useful. For ultimate security, I’d still recommend relying on .htaccess since it’s closer to the server and less prone to quirks in PHP, WordPress, Gatekeeper, etc.

Let me give this some thought on how I might be able to best implement what you’re asking. Most likely it would be an option of “whitelist priority” vs “blacklist priority.” I can’t promise a quick update, but I like the idea and it’ll probably be something I push in the next update. If you have suggestions, please pass them along.

I’m marking this as “resolved” since I haven’t heard back with more details. Most likely the problem is with browser and/or server caching and not a problem with the plugin, but I’m happy to address any further issues you have with the plugin.

Marking this as “resolved” since a since-released bug fix should address plugin conflicts. Gatekeeper should not lock one out of the admin site, so it’s not clear that the admin access problem is even related to Gatekeeper. Please let me know if you have more details or are having more problems. I’m happy to help if I can.

Marking this as “resolved” since I haven’t heard back with more details. It isn’t clear this is a problem with Gatekeeper, but if it is, the fix in my previous post should get you back into the site until we can figure out what’s going on. Let me know if you have more details and/or are still having problems.

That’s strange. The plugin is designed to not do anything at all with admin pages, including the admin login page (unless you’ve renamed your login page to something other than wp-login.php). Are you getting this “302 found” error when you go to /wp-admin?

You can disable the “gatekeeping” function by editing the gkfunc.php file and adding “return;” to the gatekeeper_watch_the_gate() function (line 282 on the latest version). That should end the function before it has a chance to do anything.

Could be two things:

1. If you’re logged in and have “Whitelist Logged-in Admins” checked, it’ll let you see the page normally. You’ll need to either log out of WordPress or uncheck that box.

2. If “Auto-Protect Admin IP” is checked, it’ll automatically whitelist the IP address you were using when you last saved your settings.You’ll need to uncheck that box.

Let me know if those things work for you.

Alison,

I apologize for not catching this support request sooner. If it’s still useful, the answer to your question is: yes. You’ll need to create a non-WordPress page that you’ll use as your “offline” page. You can then have Gatekeeper redirect visitors to that page while the site is offline.

Bob,

I apologize for not catching this support request much sooner. I was under the mistaken impression that I’d receive email notifications if support requests came up. Nonetheless, it’s my fault for not checking in sooner.

I’m sure you’ve long since resolved this problem, but if not I’m happy to help in any way that I can. I suspect the problem may have been due to some sort of server caching, but it’s hard to say without more info.