BUG: blacklisted while whitelisted

Ahh okay, perhaps something was going wrong with the whitelist IP addition, or IP detection which wasn’t recognising your visitor IP address as you expected it.

Keep us posted if the problem persists.

Hi there,

Thanks for responding! I thought it was fine now, but somehow just now I got kicked out again. I am still sitting in the same spot, i.e. IP address, and for some dark reason I am thrown out. But I am still doing the same stuff, testing account logins, etc.

Adding: I just realise I currently have dynamic IP addresses. This isn’t the case normally, so when I added my IP again, I saw it was different. Hard to notice sometimes as they are V6 and really, really look alike ??

I will be switching to static IP soon again, but I assume this is the case for many people out there using Shield.

Any suggestions as to how to prevent this from happening with a dynamic IP?

Best regards,
Tom

If you have dynamic IPv6, then whitelisting isn’t going to help you here.

What you need to do is find out the reason you’re triggering the firewall and white list it

This may help:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000079746

Thanks for the article. The problem appears to be this:

“User “harry” attempted to login but GASP checkbox was not present. Probably a BOT.”

This is not correct at all, this user and other users – with which I am testing a complicated login structure – appear as a bot. Even though the login is successful, the counter is incremented. This should not happen, obviously.

Also, next to the counter it is stated: (Your IP). This makes it even more strange. Apparently Shield knows this is the current admin working on that IP and then still the counter is incremented assuming it is a bot.

I resolved this by turning off the login form protection. This is not the best thing to do, so if there’s another way, please let me know!

Thanks in advance!
Tom

• This reply was modified 5 years, 11 months ago by tomdekok.

So if you have a “complicated” login structure – which I assume means you’re using 3rd party plugins that aren’t firing standard WordPress hooks – then yes, this is going to happen. You’ll need to keep login protection turned off since if your login forms aren’t firing WordPress hooks, or we haven’t built a specific integration to the particular login forms you’re using, it’ll not work.

The user is being flagged as a bot because he didn’t check the checkbox to say he wasn’t. Whether or not the checkbox appears on the form, the checks will still run on the backend.

• This reply was modified 5 years, 11 months ago by One Dollar Plugin.

Okay, clear. So how do I solve this? Since many, many websites contain third party login forms, like this one, just turning off login form checks is not a solution.

As a developer for many large companies in the past I have integrated professional plugins to enable better logins. I cannot imagine Shield does not provide a solution here?

I am assuming that the backend login is not protected now either?

We offer support (insofar as it’s technically possible) for 3rd party integrations, and a lot else besides, for paid subscriptions only (https://onedollarplugin.com/products/shield-security/pro/).
If you’d like to discuss this further, please contact us here: https://support.onedollarplugin.com/form
..as this forum is not the appropriate place to discuss paid/premium subscriptions.

Thanks!

Okay, no problem, I have Pro. Will contact you through the form, thanks!

No problem, chat with you there.