Locked out by Defender while "Hardening" site

I did a recommended action of WP Defender - it was hiding vulnerabilities of WP with a htaccess.
Then I went to the others suggestions of Defender, to fix php error logs (delete them) but I wasn't able to delete them because Defender locked me out.

I've been able to disable Defender from the Hub, but would like to know why I was locked out in the first place so it does not happen again.

  • Bojan Radonic

    Hey there Phillip Roru,

    How are you doing today?

    The lockout message you mentioned in the chat with Samantha should lockout only subscribers and visitors so it shouldn't really lock you out as an admin.

    With regards to this not happening again there's a handy code snippet made by our developer that will automatically whitelist user with an admin account so we can use that to prevent this from happening again:

    add_filter( 'ip_lockout_default_whitelist_ip', function ( $ips ) {
        if ( current_user_can( 'manage_options' ) ) {
            $ips[] = WD_Utils::get_user_ip();
        }
    
        return $ips;
    } );

    You can add this to your theme functions.php (preferably child theme because you don't want your changes lost once you update the theme) or you can add it as a mu-plugin. You'll find more information on how to use mu plugins here: https://premium.wpmudev.org/manuals/wpmu-manual-2/using-mu-plugins/.

    If you need additional help or you're not comfortable with making these changes please let me know and I'll be happy to assist you further on this :slight_smile:

    Now with regards to investigating this further I can see that you've granted support access on two sites and both of them have Defender installed and activated so can you please let me know on which site this happened (and when if possible) so in case you want us to check this out we can take a close look to the logs and try to see what happened there.

    Cheers,
    Bojan