Fresh-Media

Hi,

Thanks for your review.

I’m going to release a new version of the plugin this week. Hopefully that will fix your issues!

JP

Hi Andy,

Thanks for your post.

I’m planning to release a new version of the plugin this week with a complete rewrite of the htaccess-logic layer. I think that will fix this problem (and many others).

JP

Hi,

Thanks for your post.

That’s an important issue. The problem is that I don’t have much time at this point to add new features to the plugin. I will fix it, but it will take some time.

Thanks for your understanding.

JP

Hi,

Thanks for your post.

When you remove your IP from the .htaccess file, you shouldn’t be still locked out. Could you send me a copy of the .htaccess file when your IP has been blocked? (to [email protected])

Thanks.

JP

Hi,

Thanks for your post.

That’s strange, the plugin only blocks IPs when it has many failed login attempts. Are you maybe routed through a proxy server?

JP

Hi,

Thanks for your post.

I think it will work properly alongside with Wordfence. Because my plugin uses .htaccess for the blocking, it really blocks access of the hacker.

JP

Hi,

Thanks for your post.

I think your ideas are very good. The first idea (directly block login attempts with specified usernames) is easy for me to implement, so I will put that on the list for the next version. The second idea (auto-group IPs) is a bit more work, and I have limited time to work on this plugin. So I can’t promise if I can add that to the plugin.

If you are able yourself to add this functionality, you are always welcome to open a pull request on github: https://github.com/jpkleemans/Brute-Force-Login-Protection

Thanks.
JP

Are you maybe behind a proxy? See https://amibehindaproxy.com/

That’s strange. The current IP button is linked to the IP address on which you are currently connected to the website.

Can you check if that IP address is also displayed as your IP when you visit https://whatismyipaddress.com/

It looks like that IP is a private address. Do you know how or when it was added to the .htaccess file?

JP

Hi,

Thanks for your post.

The .htaccess file looks fine. Did you maybe accidentally block yourself (because of too many failed logins)?

JP

Hi,

This feature has been requested several times and I am planning to add it in a next release.
But I don’t have much time for maintaining the plugin. So it’s coming, but will take some time…

Of course, a pull request on GitHub is always welcome! ??

Ok, I understand your issue now.
I will put it on the list for a future version!

Thanks.

JP

Hi,

That’s a really great idea!
There are some difficulties that needs to be tackled, but I will definitely think about it.

Thanks!

JP

Hi,

My plugin hooks into the event system of WordPress. When a login fails, WP fires an event.
If you use a custom login-location, it should still fire this event. Otherwise your login will not be compatible with my plugin, and many other plugins that use the WP event system.

JP