Peter Petreski

Hi Chris,
We’ve just reproduced what you are referring to and have also identified a fix for this which will be available in the next version.

Hi,
We did fix a bug in the newest version (1.4) related to backups.
Can you please try disabling and re-enabling the scheduled backup feature and let us know if that makes a difference?

Hi @Strategerizer,
Yes that’s right – the locked out IP addresses were unlocked after 60 minutes which is why you weren’t seeing them listed in the table.

I can clearly identify hackers that try to login using “admin” username and continuously trying every few minutes. I want to permanently ban/block these IPs.
Any way to do this?

We will add the ability to block an address by clicking on a link in the table in a future release. At the moment you can block the appropriate address range by entering it in the blacklist settings – eg, 78.138.107.*

Also may be a good idea to lock out anyone that tries to login using the username “admin” as none of my accounts use that

Thanks for the suggestion and it sounds like a neat idea. We might consider adding something along those lines in future release.

Hi Sid,
As stated in my previous reply, if you re-enable the “Deny Bad Query Strings” again you will find that you will no longer see the problem because we have updated the rules in version 1.4 to fix this.

This is because your system still has the old rules for “Deny Bad Query Strings” written in your htaccess file.
Just do the following simple steps to fix this:

1) After installing version 1.4 of All In One WP Security simply go to the firewall settings and disable the “Deny Bad Query Strings” checkbox and then save your settings.

2) Then re-enable the same checkbox and save your settings again.

This will overwrite the old “Deny Bad Query Strings” rules with the new ones and will fix the issue.

Yes I can see the problem now and thanks for the feedback.
This will be fixed in the next release.

It got conflicted with W3 super cache minify settings. Show 404 error in almost every post

We are currently investigating this issue. It would speed up our efforts even more if you can tell us which of the “advanced firewall rules” are causing your problem.

Hi and thanks for this valuable feedback – we really appreciate it and it goes long way to helping us make this plugin as robust and easy to use as possible.

Incompatible with the post title about subject like hack, password…

We will take a look at the “advanced character string filter” and investigate the cause of this.
I suspect it might due to something such as some missing escape “\” characters in the rules.

Incompatbile with “Admin Management Xtended”, in admin post, the buttons doesn’t work

Similarly we will investigate this too.

In the meantime please leave the “Advanced Character String Filter” checkbox disabled and we should have some definite answer/fix for this soon.

Hi,

I like me suggest “default” options click in a button, for example for “Login Lockdown Configuration”, when I test the first time, I dont know what I can put in this configuration

Actually if you enter nothing at all in the fields and click “Save Settings” the plugin will automatically enter default values for you.
Also please read the description text next to each element to get more information about it.

94.242.237
I try block this IP in Blacklist Manager, but the plugin always show with all IPs
“no valid IP”

The “Failed Logins” table lists the IP address ranges for a failed login attempt, ie, it will give you the first 3 octets of the IP address which failed – example: 94.242.237
So if you wanted to block this range you would need to enter:
94.242.237.*