2 questions about the behavior bc Enable login lockdown feature
-
Hi,
We’re experiencing a redirect to 127.0.0.1 because of the “Enable login lockdown feature” feature, and we’d like to understand it more.
My first question is: When a user gets locked out of the site, they don’t only get locked out of wp-admin, but they can’t even access the site’s homepage. Is that the way it’s supposed to be? is there a way to change this behavior? We want the homepage to always be accessible.
The second question regards the IP that is locked out. As I stated in a previous issue, we have a WAF on the server, and your plugin treats all users as having that WAF’s IP, and that’s not what we want, since it means that of a user accidentally locks themselves out, all users are locked out. However, when I got to WP security > Settings > Advanced settings, I see that my detected IP address according to Cloudflare, ipify (IPv6) and ipify (IPv4) is my real IP, but what is shown in the dropdown (“Choose a $_SERVER variable you would like to detect visitors’ IP address using”) is the WAF IP. Is there a way to make the plugin detect the user’s actual IP?
Thanks
- The topic ‘2 questions about the behavior bc Enable login lockdown feature’ is closed to new replies.