Sam Hotchkiss

Thanks!

Hey Toby– we definitely support SSL!

What you’re seeing on line 105 is immediately stripped back out, you just have to stick a protocol in front of a domain name for PHP’s parse_url function to work properly.

All communication between your server and ours happens over SSL whenever possible– if, for some reason, your host does NOT support secure remote posting, then we fall back to non-SSL.

Best,
Sam

Sounds good, thanks!

New version supporting multisite is now out!

Hey Mike– those IPs are PROBABLY already in our DB– we’ve got over 130,000 IPs on file now– we’ve decided that we’re only going to block IPs that we have found to be malicious through our own algorithms, just to prevent any confusion. While I have no doubt that your list is all bad guys, we want to have internal documentation for why any particular IP has been banned.

Hopefully BP can help cut down your server load and keep the jerks out!

Best,
Sam

Hey Kelter– stats for your site will start showing up once we’ve blocked an attack for your site– they’re hidden until that number is at least 1.

You can see here what that display looks like:
https://screencast.com/t/pyJZmXSq

Regarding where to put it in the menus– there’s been some internal debate going on about whether it belongs under “Tools” or “Plugins”. At this point, we’ve put it under “Plugins” because we consider it to be similar to Akismet, and that’s where they’ve put theirs. We have a major update in the pipeline that might cause us to rethink that positioning… Definitely interested in hearing any opinions!

Hey Flick– thanks! Both of those issues are handled in the update coming later this evening.

Best,
Sam

Hey Mad Dog– there will be an update to BP that I’m just putting some finishing touches on that will officially add multisite support. Look for it in the next few hours, update, and let me know if that clears it up. Our servers won’t work with your site without an API key.

Great, thank you! We’ve got some REALLY exciting stuff in the pipeline.

Hi!

Rest assured, once you’ve entered your API key, your site is secured– even if, for some reason, your site cannot see our server for a limited period of time, BruteProtect will fail-safe to a CAPTCHA. If you do not see a CAPTCHA on your login page, that means you are accessing our servers successfully.

By the way, we’ve rolled out a new version today to hopefully correct the issue you were having on your dashboard. Please let me know if it doesn’t correct the problem!

Hi David–

First off, thanks for your feedback! We’ve been hard at work on a number of major updates to the plugin, one of which will directly address this concern, and we can’t wait to unveil them.

In the mean time– it’s 10 failed logins before a lockout occurs. You are correct in saying that this will lock out the user across BP-protected sites

As an interim fix, you can make the following change:

To whitelist your IP on your site, change line 37 of bruteprotect.php from:

add_action('login_head', 'brute_check_loginability');

to:

if($_SERVER['REMOTE_ADDR'] != '1.1.1.1') { add_action('login_head', 'brute_check_loginability'); }

(replacing 1.1.1.1 with your IP)

Hope this helps!

No problem, guys!

Are you wanting to whitelist an IP for a single site? If so, there’s no way to do that in the dashboard, but I’m happy to send over a code snippet that you can use to make that change until we can add a dashboard option.

I’d be curious to know why one of your IPs has been blacklisted– can you email the IP to me? sam at hotchkissconsulting

Thanks!

#2 & 3 are in the works (we’ll allow IP-wide signup)

Regarding #1, you can do that already using the “Screen Options” in the upper right corner of your dashboard