What is going on with the ability to whitelist?

  • Resolved Wudman

    (@wudman)


    4 years, 1 month ago

    I am not sure what changed, but on several websites, WordFence’s whitelist feature is not trustworthy. Not only do I get locked out of my personal site if I mistype my email address (or several password fails), but then WordFence seems to junk the password recovery process.

    I say the latter because when I FTP into my folders and disable WordFence, I get my password reset emails immediately. With WordFence enabled, it takes several tries to get a valid Password Reset. “Unlock” emails once I am locked out are also hit and miss. It is quick sometimes to just disable WordFence. (HINT: Keep your FTP info up to date)

    The site in question has a very light load of plugins. They are all updated regularly and no new ones have been added in over a year.

    Sure, I should not make mistakes when it comes to my email, but stuff happens and while I am pretty fast with FTP, password resets via mySQL or other workarounds, my clients or their customers pop blood vessels while they wait for me to fix stuff.

    By the way, the Tool Tip to covers the basics well enough. I routinely check my IP both via network tools and verify that IP is correct in both “All Options” and “Login Security”.

    Searching around the net I see there may be issues with caching services. On the other hand, the documentation on both the Login Security and Firewall Options pages offers zero help.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @wudman, sorry to see you’re having some mixed results with the allowlist.

    If you and your visitors are experiencing frequent problems with being locked out due to mistyped usernames, it’s probably best to have Wordfence > All Options > Brute Force Protection > Immediately lock out invalid usernames turned off.

    Unless you have a fixed IP address, the Wordfence > Firewall > Firewall Options > Allowlisted IP addresses that bypass all rules will be unreliable. We also don’t recommend using this setting in most cases as it allows the IP mentioned to bypass Wordfence protection entirely. Sometimes, when an issue with IPs affects site visitors AND the site admins, it can be down to a problem with how your site is detecting IPs. Take a look at Wordfence Dashboard > Global Options > General Wordfence Options > How does Wordfence get IPs and check whether it displays your IP address as seen on https://www.whatsmyip.org/. If not, cycle through the other options until it does. That will be the setting you need to use going forward, so click the SAVE button once you’re done.

    Wordfence uses the same mail functions that are built into WordPress so the issue surrounding password reset being delayed or not coming through is less clear as there should be no difference between the way Wordfence and WordPress behave in sending those out. Wordfence itself doesn’t implement caching, but if you do have any caching plugins installed, it might be a good idea to clear/flush the data and see if that clears up any of the issues surrounding this.

    If none of the suggestions above suppress the issues you’ve been seeing, feel free to drop us a diagnostic to wftest @ wordfence . com. You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Note: For the fastest response time, please make sure and add any information or questions directly to this topic and not the email address above unless asked.

    Thanks,

    Peter.

    Thread Starter Wudman

    (@wudman)

    Thanks for the reply. I will take your advice and see how my site is detecting IPs. Clearly the one that is whitelisted isn’t being treated as so on this site.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @wudman,

    Let me know how you get on. Tickets are typically left open for around a week and a half without response to ensure you have some time to test and get back to us.

    Thanks,

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘What is going on with the ability to whitelist?’ is closed to new replies.