mvandemar

@narolles – sorry, I thought I replied to this! Yes, the plugin works fine in PHP 8.1. ??

-Michael

@flamuren Yes.

@prelite84 You’re commenting on the wrong plugin, just so you know. This is the plugin you are looking for:

https://www.ads-software.com/support/plugin/lockdown-wp-admin/

@techtushar Not in the current version, no, although it is a feature I plan to add into the next one.

-Michael

And also as it is commented in blocks.build.js so it is no issue with that code.

Again, it is commented out using only double slashes, if a caching plugin minimizes it into a single line of code it will no longer be commented out.

I cannot give you access to my client’s site. I am just reporting a bug, if you would like to try and reproduce it just install the plugin along side a caching plugin that has minification, like WP Rocket. Then look at the Network tab in Dev Tools in Chrome for 404s. If you don’t care then don’t worry about it. I don’t know that it’s causing any issues, it’s just messy to have calls to files that don’t exist, or to have commented out code like that.

-Michael

• This reply was modified 4 years, 1 month ago by mvandemar.

@brainstormteam I know the file is not there, it’s why there is a 404 error. Please look inside this file:

wp-content/plugins/ultimate-addons-for-gutenberg/dist/blocks.build.js

On line 106756. You will see what I am talking about.

-Michael

@givagoes Sorry, I have been remiss in updating the “Tested up to” tag. I have done so and will try and do better moving forward.

-Michael

@londontiger It will not hurt anything to purge the tables.

-Michael

@ayush56 – yes.

-Michael

> Do you think this project has been abandoned?

No, I don’t.

-Michael

@jimmycrackedcorn – the result will be the same, unfortunately. Any security that is based of off ip address won’t work on a system that sees all traffic as coming from the same ip address, such as the one you are using now.

The reason I am not checking against the X-Forwarded-For header is because it can be spoofed by the client, which would make it useless as a blocking measure:

https://www.f5.com/company/blog/security-rule-zero-a-warning-about-x-forwarded-for

Bots could just send a new IP address in that field each time, thus circumventing the limit on the number of login attempts. I am working on some other means to secure the login form under those scenarios though.

-Michael

@imperialcb That’s actually a common request, I am going to try and code that in this week.

-Michael

@timotheemoulin – how do you know the problem is related? The bug with Windows activation was fixed a few years ago, unless I accidentally re-introduced it at some point.

@timotheemoulin – there are other priorities I have over the naming conventions at this point. I will look into where I am loading the options, although you do know that the login form can technically exist on any non-admin page, right? I am sure it can still be optimized though.

I will look at the fork when I can, thank you for your contributions. ??

-Michael

@ayush56 Those are all things you can change in the dashboard. Go to Settings->Login LockDown and you can change that behavior.

-Michael