Banned users not being respected

I have a similar problem. I am upgraded to 4.0.8 also, and I have manually added IP addresses to the banned hosts list, because they have continually tried to log in as admin. Since doing that, my log files still show admin login attempts from those very same IP addresses, even though I manually banned them in iThemes Security. The ban users function does not seem to be working at all, even in the latest update.

Same issue with iThemes version 4.2.6. I keep getting slammed from IPs that I’ve listed under “Banned Users > Ban Hosts”. And yes, they are listed one per line.

May be you have to look in the .htaccess file in the root directory of your wordpress website.

If you have somewhere something like :

Order allow,deny
		SetEnvIF REMOTE_ADDR "^132\.22\.132\.22$" DenyAccess
		SetEnvIF X-FORWARDED-FOR "^132\.22\.132\.22$" DenyAccess
		SetEnvIF X-CLUSTER-CLIENT-IP "^132\.22\.132\.22$" DenyAccess

the 3 last lines for each banned IP (132.22.132.22 in here), is that is working fine… If not, you have to autorize the plugin to write into this file .htaccess file :
Global settings > Write to Files > Allow iThemes Security to write to wp-config.php and .htaccess.

I hope this will help

Best regards

L..

So you’re saying when iThemes Security blocks itself from writing to the .htaccess file? I have the allow iThemes function checked, yet when I select “Enable ban users” function, added 100 or so IP addresses and hit save changes – NONE of those IP addresses are entered into the .Htaccess file. and if I navigate away from the settings page and then back, the “Enable Ban Users” checkbox is unchecked on it’s own.

Developer – You do realize this issue is about a broken part of your plugin, right? this used to work just fine back when it was BWPS . . . .

Are you going to fix these issues? iThemes Security is either NOT allowing itself to write to the ..htaccess file, or the Ban users function is broken, or both.

The “Enable HackRepair.com’s blacklist feature” seems to be able to write to the .htaccess file – it’s not supposed to be either “Enable HackRepair.com’s blacklist feature” OR “Enable ban users” – is it? they should both be able to be checked, and both should write to the .htaccess file, right?

Some help is needed to fix your plugin . . . please.

I was having this issue with the ban users not staying checked. I had been noting hosts like this: 123.45.678.*

I discovered in one instance I did not add the asterisk as I should have. Once I corrected that typo in my listings, the “ban users” box stayed checked.

Found the way to this problem.
Cut the list of banned users
paste it somewhere to recover it later.
Now that the list is empty, tick the “ban user” box.
The function will work again.
Then re-insert the list of IP adresses taking care that none is invalid.

It worked perfectly for me.