The Web Fix

This works, just make sure to test it, then immediately leave the group.

It works fine now, even when you leave the group.

I’m encountering the same issue as well.

Try reactivating it and refreshing your browser.. worked for me.. ??

Getting the same error

The idea of selecting an amount of time is a great feature. It really takes into consideration that the brute force attempts coming from that IP may stop eventually. But as a community we have seen major abuse lately, which is not stopping or intermittent.

By adding an option on both logins and the 404 logs, to permanently block and IP and add it to the blacklist, it will be a huge advantage and I would think that everyone who uses this plugin will use that feature frequently

Yes, that’s exactly correct, I think you may be confused. I am not reaching 404 pages, but those url’s are in the logs.

And upon using that plugin, I started receiving emails of IP’s attempting logins. Which wasn’t being picked up by the All In One WP Security & Firewall.

I think he is referring to that feature as well.

Instead of locking out for a certain time period by entering the amount of minutes, there should be a character that you can place in that field to permanently lock the ip if the criteria is met. say “0”

I can also agree with simco about bots finding the secret url.

I have been trying different configurations on many of my sites to find out which works best.

On one of my sites which is on a completely different server than most of my others, I have a whitelisted IP, along with Cookie Based Brute Force Login Prevention.

I noticed several 404 errors accessing login pages which was a good sign, but I wanted to dig deeper. I installed this plugin
“https://www.ads-software.com/plugins/wp-login-alerts/”, which sends an email when the login page is accessed, and also when an attempt is made which is either successful or unsuccessful.

To my surprise, the login url was being accessed, and still is.

I am still trying to figure out how this is possible, as they are not even being logged by this plugin when the “Instantly Lockout Invalid Usernames” is checked in the “on” position

I also want to say that the captcha math problem has not changed in a couple weeks. May it be a corrupt cookie on my end?

Prevent Hotlinking is not enabled. I think Facebook needs XMLRPC enabled in order for users to share pages.. Anyone have a workaround to this? Is wordpress still vulnerable to XMLRPC exploitation after the last security release?

bump

This is actually affecting several of my sites

No images are showing when posting links to facebook. I have dug around and haven’t come up with an answer as to which exact setting is making this happen, the only solution seems the be what I mentioned above, but I cannot and will not leave it vulnerable.

Any Guess??

Hi,

I used the global disable settings…

1) Disabled Firewall settings, results: no change
After no change, I reset everything by importing my original settings

2) Disabled Security Settings, results: no change
After no change, I reset everything by importing my original settings

3) Disabled Security & Firewall Settings, results: images were then being populated when sharing a link through a facebook status

Yes,

being able to do a search would be awesome along with selecting the view amount.

Another great suggestion would be to have an “add to blacklist” option

no, it does, I tried it a couple times