sturdy2

dwinden has the answers but take a look here
https://www.ads-software.com/support/topic/failure-to-write-banned-users-to-htaccess where he helped me yesterday. Look for $no_errors far down in the conversation.
good luck
Sturdy2

Got it…thanks for the update.

Thanks for the explanation. Of course you are right and I have removed the banned agents since they are geo blocked anyway. I wondered what that [OR] meant.

But, I think there is still a problem with the error messages. If I change the first occurence (line 631) then the complete banned user error msg displays as it should. I think this is all okay now.

The second occurence (line 649) is obviously provides a similar function but for the whitelist instead. If it remains True, error messages do not show when the IP is hyphenated. When changed to False (and, logically I think it should be False) I get the attached message. The first part (upper) is correct but the banned Users portion (lower) is probably not correct. Those two * IPs are not whitelisted but are in the banned list. Also, the Banned User feature is NOT disabled as it says. It appears there are apples mixed in with the oranges.

Bottom line, all is working for me and I much appreciate the help. Now to try the update…

Edit: Darn, I can’t attach a screenshot! Give me a minute or two.

Upper message
There is a problem with an IP address in the white list:

71.176.243-48 is not a valid address in the white list users box.

Lower message:
Note that the banned users feature has been disabled until the following errors are corrected:

98.126.*.* is not a valid address as it has been white listed.
204.124.180.* is not a valid address as it has been white listed.

Changed $no_errors === true to $no_errors === false on lines 631 and 649. I am now getting the error message so all looks okay.

Edit: I just noticed the ref to line 636 in the previous error messages.

Looks like our last posts crossed. Give me a couple of hours and I’ll try your fix and get back. My wife tells me I have other stuff to do ??

Good morning…

The [NC] lines seem to be working for me. I’m really new at this so I may be misunderstanding something. I previously had a lot of bot traffic from BaiduSpider and Yandex. After adding the user agent lines both are now getting 403s. I added the lowercase Baidu and yandex just for extra comfort ??

My site is a new genealogy site and I don’t expect any traffic from outside US and Europe. I don’t see any need for bots in other countries which have become a nuisance. Probably should mention I also blocked China, Russia and Ukraine using code similar to below. These lines (several thousand) are below the iTSec and WordPress ssections.

`# BEGIN China Blacklist
<Limit GET HEAD POST>
order allow,deny
allow from all
deny from 1.0.1.0/24
deny from 1.0.2.0/23
snip…snip
deny from 193.109.216.0/24
</Limit>
# END China Blacklist’

I have tested with and without the above blacklist lines with no difference.

So, I added your debug lines and received the following messages with or without the hyphen in the IP. Being a noob, I can’t tell if this is important but obviously something is not quite correct.

‘Strict Standards: Non-static method Category_Template_Hierarchy::init() should not be called statically in /home/sturdy2/public_html/wp-content/plugins/category-template-hierarchy/category-template-hierarchy.php on line 126

Warning: session_start(): Cannot send session cache limiter – headers already sent (output started at /home/sturdy2/public_html/wp-content/plugins/category-template-hierarchy/category-template-hierarchy.php:126) in /home/sturdy2/public_html/wp-content/plugins/wp-file-upload/wordpress_file_upload.php on line 2

Notice: bbp_setup_current_user was called incorrectly. The current user is being initialized without using $wp->init(). Please see Debugging in WordPress for more information. (This message was added in version 2.3.) in /home/sturdy2/public_html/wp-includes/functions.php on line 3547

Notice: Undefined variable: message in /home/sturdy2/public_html/wp-content/plugins/better-wp-security/modules/free/ban-users/class-itsec-ban-users-admin.php on line 636

Warning: Cannot modify header information – headers already sent by (output started at /home/sturdy2/public_html/wp-content/plugins/category-template-hierarchy/category-template-hierarchy.php:126) in /home/sturdy2/public_html/wp-includes/pluggable.php on line 1178′

One more comment: I am using the Local Business Theme ver 2.0 from inkThemes.com and it looks like the theme is no longer available. Maybe a this is a theme issue?

On the bright side, I have learned NOT to put hyphens in IPs!

Sweet dreams…

Ya, I thought I had lost my first post to this thread then after 30 minutes when I sent a second they both showed. Ya gotta love these computers!

I have 43 banned IPs.
Default blacklist: yes.
Banned agents: Baidu, BaiduSpider and yandex.
One entry is ###.###.*.* but seems okay.
Also have blocke 3 countries but those are outside of the iThemesSecurity region of .htaccess.

Here is some more info:
I selected a random IP in the current list (166.137.136.78) and replaced the dots with dashes. Voila! Failure but No error message.

The only difference between my incorrect IP and yours would be the number of digits in one or two quadrants, otherwise the same. I no longer have the bad IP available. In trying to id the issue I tried to save several dozen times and eventually isolated the hyphenated IP. None produced an error message, just an .htaccess that was missing ALL banned users. The only clue that something was wrong was the unchecked Enable Banned Users checkbox.

Well, my fault, one banned IP had hyphens instead of dots! Duh…
But an error message would have been nice.

Pls disregard, My apologies for the dupe post.

Thanks WPyogi,
I had read the Roles page and looked for a show/hide setting. Guess it was too long a day…it was right there in the user profile. Thanks again.