IP Lookup:
It would be nice with a integrated search box for IP numbers for a quick check if the IP should be blocked or not. Something you could add to make the plugin ever better? There are a lot of free IP services that offers API connection.

Maintenance:
It would also be nice to have the option to choose other user levels than just admin to block from the site when testing everything in staging.

I’ve got some serious problems with my website. Yesterday i activated force logout after 120 minute of session. After that i am even unable to log in to my admin panel. Every time i am going to login, i see the msg “Your session has expired because it has been over 120 minutes since your last login. Please log back in to continue.”
Anyone got this problem ? Pls suggest how to fix it.

Cross site attacks (xss) that steal cookies to hack into WordPress is a very common problem. It’s the number 1 method for attacking wp sites. I cannot even remember how many times my testing sites have been hacked with this method.

Install this plugin, and set the timeout to 5 min (300 sec). Do not disable for wp-admin. Set Administrator to be redirected to login, time 5 min (300 sec).

No more cookie hijack hacking because they will have to re login.

Does the ‘force log out’ feature has a hook to change the redirection URL?
as some users should not be able to see the admin login page and I want to redirect them to that home page when the session expired.

Thank you,

i am using the Profile Builder Pro-plugin that allows to redirect the user to a certain page after logout. That works perfect with manual logout by the user. The “Force Logout” with “All-in-One WP Security & Firewall” seems not to work together with this configuration. The “Force Logout” always leads to the WP-admin backend logout page. Is it possible to define a redirect after forced logout?

If not, i would almost consider this as a bug, since the renamed login page is visible then. Thanks for your feedback and support.

Regards, Harald