redglare

I never needed that feature enabled before, in order for Login Whitelist to work. Should that be necessary? I have avoided that feature in the past, because the Login Whitelist alone was totally effective.

I also avoided the Rename Login feature because there is a warning about possibly being locked out of admin–and this is a GoDaddy managed wordpress site, and who knows what they have going on behind the scenes.

The Login Whitelist is still working on another, similiar-but-simpler GoDaddy site I have, one with no other plugins.

So, first I will try disabling all other plugins to see if that fixes the Login Whitelist; it that fails I will try your solution to “Enable Rename Login Page.”

It will take a little time, because I will need to arrange for another person (at a different location) to check the results of all this as I test.

Thank you for your help and suggestion.

No other Brute Force features are enabled (except the Login Whitelist of my IP).

I have enabled “Completely Block Access To XMLRPC”

I have not enabled “Disable Pingback Functionality From XMLRPC”

I now have the whitelist feature working, and have verified same by attempting to log in from other IP addresses. All I did was go to “Basic Firewall Rules” and enabled “Completely Block Access To XMLRPC.” Then the whitelist feature worked.

Afterward, I went back and unchecked “Completely Block Access To XMLRPC,” and the whitelist feature still works. So, for some reason, simply enabling that feature fixed the problem, and it stayed fixed even after then disabling the “Completely Block Access To XMLRPC.”

Again, I have verified the whitelist feature is actually working, as I could not access my log-in screen from two other IP addresses I tested. I appreciate your trying to help me with this, and thankfully the problem is now solved.

Still not fixed, as it turns out, as I was able to load the log-in screen from another address. I unchecked and saved the whitelist feature, then checked and saved it, which reengaged the feature. And the 502 Bad Gateway screen was back again at login. Too bad.

The problem may be fixed now.

One thing I tried along the way was restoring an earlier backup using my UpdraftPlus plugin. However, the attempt failed because UpdraftPlus said “Delete:
my-plugins-old-old-old: Failed.” “Old directory removal failed for some reason. You may want to do this manually.”

But I was unable to delete “my-plugins-old-old-old” through SFTP because the file was locked by GoDaddy. I called them again, and was finally able to convince them to delete the file for me.

Unfortunately this did not fix the AIO WP Security whitelist problem as I had hoped, but it did fix the UpdraftPlus plugin problem, which allowed me to make and restore a new backup…

And when I restored the backup I had just made–the whitelist problem in AIO WP Security was fixed! Just to be clear, I merely ran a full restore of the existing setup, not a backup from an earlier time.

The final test (other than the test of time) should take tomorrow, when I will have access to a computer that does not share my IP Address. Then I will be able to confirm that the IP whitelist feature is in fact enabled.

Hello wpsolutions,

I mean I installed the reset plugin, and used it per Step 5 of the link provided by mbrsolution, “to reset all the configuration of the main security plugin. So you can start fresh with that plugin again.”

Specifically, I first deactivated the AIO WP Security plugin. Then I deleted the AIO Security Plugin. Then I ran the reset plugin, which indicated successful reset and, presumably, a fresh start.

Then I installed and activated the AIO WP Security plugin, after which my login still worked just fine. Then I went straight to the Brute Force/Login Whitelist (where it shows “Your Current IP Address”); I pasted that IP address in to the “Enter Whitelisted IP Addresses” field, checked the box to enable, and clicked “Save Settings.”

It seems the only AIO WP Security feature that prevents me from logging in is “Enable IP Whitelisting.” In other words, if I disable only the white-list feature, there is no problem–my WordPress login page loads as usual, and I can log in as usual. It really seems to be just that option, when checked, that produces the “502 Bad Gateway” screen.

The reset plugin did not fix the problem, but thank you for trying, I appreciate your help and suggestion.

I deactivated the WP Security plug-in, then deleted it altogether. I also flushed the cache.

I reinstalled the WP Security plug-in, and, before changing any other default, checked whitelist for my IP address. Unfortunately, that locked me out of my WordPress log-in page as before (502 Bad Gateway), so the problem remains.

I spoke with GoDaddy, and they think the problem is the WP Security plug-in, and concerns the .htaccess file. They also noticed that the .htaccess file was unusually large; I don’t know what would have brought that about, as I don’t modify it directly myself. By the way, here are my other plug-ins:

Contact Form 7
PDF Embedder Premium
UpdraftPlus – Backup/Restore
Visitors Traffic Real Time Statistics
Yoast SEO

It is dynamic, but it has not changed over the six months or so since I started using the Whitelist feature in AIO WP Security.

My IP address is dynamic, but it hasn’t changed. Just to be sure, I re-entered the IP address (clipped-and-pasted “Your Current IP Address” as shown by WP Security).

I don’t know if my host updated the server; I will need to contact GoDaddy to find out.

My themes have not been updated recently.

I de-activated all other plug-ins and tested, but that did not help.

No bad log-in attempts.

De-activating All in One WP Security (or just unchecking “Enable IP Whitelisting”) fixes the problem, but of course I lose the protection I enjoy when my site can only be logged in to from my IP address.

I disabled Contact Form 7 plug-in, and that fixed the problem. Furthermore, when I re-activated Contact Form 7, the problem did not return. Obviously this is an excellent result from my point of view, at least if it holds. Thank you for your help.

That worked, Devon, thank you! Problem solved.

Hi Devon,

It seems that the Post Notif plugin removes the “Subscribe” widget from the “You are now all set to receive post notifications” screen (which makes sense), and the theme is then filling the void with the footer widget text. Is there an easy way to make the plugin leave in the “Subscribe” widget? Because that would be preferable for me.