[Defender Pro] Defender Pro blocking incorrect IPs

Hi there,

Recently, a number of our sites started blocking everybody out of the wp-admin area. One of our clients emailed us to let us know he was locked out, and when I went to whitelist his IP, I found that I was locked out as well. I’ve had to deactivate or delete Defender on a few of our sites now, and I’m not sure what’s going on.

The error message is: The administrator has blocked your IP from accessing this website.. I checked the page source, and verified that it’s not a cached page.

Please this thread for more background, as this is a repeat of a similar (or the same) issue plaguing us for the last 8 months. I tried disabling ALL plugins, still blocked. It’s not the theme, either.

I’ve enabled support access on roundhouse-designs.com. Thank you.

  • Nithin
    • Support Wizard

    Hi roundhouseguys,

    I’m tried to access the dashboard via the support access but it appears blocked when tested via different IP address, which is odd. Could I know whether you have Cache enabled in Cloudflare side? If yes, does it make any difference when the cache is purged?

    We would like to further troubleshoot the issue, could you please send us your website credentials, so that we could give a closer look.

    You can send credentials by using our secure contact form: https://premium.wpmudev.org/contact/#i-have-a-different-question

    – To Mark to my attention, the subject line should contain only: ATTN: Nithin Ramdas

    -WordPress admin username

    -WordPress admin password

    -login URL

    -FTP credentials (host/username/password)

    -link back to this thread for reference

    -any other relevant URLs

    Please do follow up on the ticket once you have sent the above credentials. Have a nice day.

    Kind Regards,

    Nithin

  • roundhouseguys
    • Site Builder, Child of Zeus

    Hey Nithin,

    Thanks for your help. I just sent you some credentials via the form. Please note I’m working on getting FTP active for you, but won’t be able to get onto the server for an hour or so. I will let you know when FTP is available, and will send credentials through the secure form.

    Thank you again!

  • Nithin
    • Support Wizard

    Hi roundhouseguys,

    Thanks for sending in the login credentials, however, I’m afraid now I don’t see a way to replicate the issue any more in your website side.

    I tried setting up a proxy IP, and tried to log in with non-existing username(test), so Defender would block me out. Once done, I checked whether the site appeared blocked for other IP address/user but the website was accessible without any issue.

    It only blocked the proxy IP which was tested. Do you think is there any steps to replicate the issue noticed regarding this? or it occurs randomly? Are you able to replicate such issue with other websites?

    I’m afraid it’s tough to troubleshoot without replicating or seeing it live to say what exactly could be causing this. Since Defender Pro was disabled when I logged into your WP dashboard, I’m disabling the plugin back again.

    I’m also bringing the anomalies noticed regarding this to our developer too. Please advise if I’m missing anything specific regarding this so that it could be looked upon closely.

    Kind Regards,

    Nithin

  • roundhouseguys
    • Site Builder, Child of Zeus

    Hey Nithin,

    Thanks for checking it out–I don’t believe you’re missing any information. It just happens, which is why I’m also having a tough time troubleshooting.

    Can you advise on how to clear the IP blacklist manually? I can’t access the Dashboard with the plugin enabled, but I do have command line access. Then at least I can clear the rules and get myself back in, and hopefully continue to test with the plugin enabled.

    Thanks, again.

  • Nithin
    • Support Wizard

    Hi roundhouseguys,

    Can you advise on how to clear the IP blacklist manually?

    One more thing what I noticed was the same IP which appeared banned when I initially accessed your website didn’t get blocked the second time once you have stated the Cache was purged in Cloudflare.

    But since it still appeared blocked in your side it’s an odd behaviour, and cannot confirm whether cache has any role too. Would 1st recommend you to check whether you get blocked once the plugin is activated, if yes, you can add the following code inside /mu-plugins which should ensure the IP is whitelisted:

    <?php
    add_filter( 'ip_lockout_default_whitelist_ip', function ( $ips ) {
    $ip = '172.117.208.92';
    $ips[] = $ip;

    return $ips;
    } );

    You’ll have to replace the example IP in the above code, ie:

    $ip = '172.117.208.92';

    To your IP address, etc:

    $ip = '255.255.255.255';

    You can implement the above code via a mu-plugins, please check this article for more info:

    https://premium.wpmudev.org/manuals/wpmu-manual-2/using-mu-plugins/

    I have already brought this into our developer’s attention to see if there is anything specific that could help to troubleshoot the issue further, and will get back to you once I get further feedback asap.

    In the meanwhile, please do get back to us if you are able to replicate the issue again so that it could be looked upon asap.

    Kind Regards,

    Nithin

  • roundhouseguys
    • Site Builder, Child of Zeus

    Hey again,

    So, sporadically, miraculously, everything just works again. All of the sites that were borked by this little glitch are magically good to go. Not going to question it. Going to just let it be and chalk this up to internet goblins, because I still can’t find anything on my server, configs…ANYTHING…that’s out of the ordinary.

    Thanks again for your help, Nithin

    Cheers,

    Nick

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.