Concrete5 banned admin - concrete5

The guy who's managing content on a site sent me this screenshot. It says that his IP was blocked. But I don't see any bans in the admin panel (screenshot).
Also I just noticed that if I change a language of a system on this path:
/dashboard/system/basics/multilingual
it doesn't change it even after re-log in. Something's not right here...

You can see from your settings that IP bans only last 10 minutes. Your admin may have been banned and then un-banned after 10 minutes so you wouldn't see it in the list.
Best option is to ask him to try again.

Related

Allow visitor see only 1 post on wordpress

Is it possible allow a visitor to see only a post?
I think it would be safer if it is restricted by IP instead by cookies.
For instance the plugin WP POST RATINGS of Lester Chan has the option to allow 1 voting by IP.
If you’re not requiring a login, cookies or local storage are your only viable solution.
IP checks are flawed in that any number of users on a local network will make requests from the same public IP address.
I understand your concern but most users are not incentivized or knowledgeable enough to understand that clearing their cookies would potentially allow a second “vote”.
So unless you go to a full Auth system you’re better off with cookies.
Hide the other pages from visitors. You can use the "Anonymous Restricted Content" plugin to hide pages from users who are not logged in.

Wordpress admin is not opening

Whenever I open my website admin https://www.examplesite.com/wp-admin
it is redirecting to homepage.
Edit: This answer was using the original URL as given by OP, and later edited/removed by David.
It works fine for me - presenting the admin login screen as expected, so maybe too many bad logins from your IP / address and it's therefore redirecting you.
Try logging in from a friend's computer or via Tor Browser and then reset the list of banned IPs?
Or if you have access to the database (and knowledge thereof) you can clear the table of bad login attempts to re-enable your usual access.

Prevent varnish caching for a specific widget / plugin?

I have a weather widget on our homepage that uses the user's IP to display current local weather. The issue is that the first person to land on the homepage sees the correct weather but then all other users see the first user's weather.
Obviously the homepage gets a lot of traffic so turning the cache off on the page is not an option.
What steps do I need to take to not cache just that widget/plugin on the homepage? Since it is a widget that might some day appear on other pages it would be great if the whole thing could be exempt but I don't even have a clue how to start?
As an additional note, the widget makes an api request to a 3rd party service with the IP address as one of the parameters.
Thanks in advance.
If the IP address of the user is included in the homepage as it is returned to the user, you will not be able to cache the page without the side-effect you are having.
My suggestion would be to try and get that IP address info to the widget in a separate request. You would need to load the homepage first, without the user's IP included, and then make a 2nd request from your JavaScript (you could use Ajax/WebSockets etc.) that gets the IP address from the server, updates the HTML for the widget and makes it display the weather.
It's more work, and the exact implementation will depend on how the widget works.
Hopefully this sends you in the right direction :)
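The two-request split described in the answer above, as an added example that is not part of the original posts: a minimal WSGI app whose cached page shell contains no visitor data and whose widget endpoint is marked uncacheable. The route `/widget/weather`, the helper names and the header values are assumptions, and the cache in front is assumed to honour `Cache-Control` and to append the peer address to `X-Forwarded-For`.

```python
import json

# Page shell: byte-identical for every visitor, so a shared cache may store it.
# Its inline script fetches the per-visitor fragment in a second request.
SHELL = b"""<!doctype html>
<div id="weather">Loading weather...</div>
<script>
fetch("/widget/weather")
  .then(r => r.json())
  .then(d => { document.getElementById("weather").textContent = d.summary; });
</script>
"""

def lookup_weather(ip):
    # Stand-in for the third-party API call that takes the IP as a parameter.
    return "Weather for visitor at " + ip

def client_ip(environ):
    # Assumption: only the cache can reach this app and it appends the peer
    # address to X-Forwarded-For, so the last entry is the one to trust.
    fwd = environ.get("HTTP_X_FORWARDED_FOR", "")
    return fwd.split(",")[-1].strip() or environ.get("REMOTE_ADDR", "")

def app(environ, start_response):
    path = environ.get("PATH_INFO", "/")
    if path == "/":
        # No visitor-specific bytes in this response: safe to cache and share.
        start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                                  ("Cache-Control", "public, s-maxage=300")])
        return [SHELL]
    if path == "/widget/weather":
        body = json.dumps({"summary": lookup_weather(client_ip(environ))})
        # Per-visitor response: tell every cache not to store it.
        start_response("200 OK", [("Content-Type", "application/json"),
                                  ("Cache-Control", "private, no-store")])
        return [body.encode()]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]

def call(path, forwarded_for):
    """Drive the WSGI app once; return (status, headers as dict, body)."""
    seen = {}
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    environ = {"PATH_INFO": path, "REMOTE_ADDR": "127.0.0.1",
               "HTTP_X_FORWARDED_FOR": forwarded_for}
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

If a response from the widget route ever shows up as a cache hit, the cache configuration is overriding the header and needs an explicit pass rule for that path.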

How can I get rid of spam users

The company I work for have a small Plone blog. But we have a problem with spam accounts. We use captcha on the site and Plone sends a mail to the users that they must confirm before they can edit the user profile. Still about 600 spam users are created every day. In the Plone user profile they paste all kinds of commercial links.
We are located in Denmark and the blog is in Danish, therefore I have made a script to delete all users with a non-Danish mail address. But even though most of the real users have a Danish mail account I probably still delete some real users when running the script.
The spam users register from a wide range of IP addresses, so blocking IPs is not an option.
Does anyone have ideas about what to do about this problem?
Disable Plone comments/public user creation and use a third party commenting service such as Disqus.
They somehow trick recaptcha (if you find out, please let me know :)
But how do they do the email validation? They don't have to. Plone join_form has a hidden field for password which is filled by this bot and Plone saves it as the real password (check the REQUEST object coming from this bot).
So the bot doesn't need to check email for password. That's how they get in and activate those accounts. So fix the hidden password field from join_form.
Then, remove all users that have links in their profile description (as a real user you don't do that, do you?). Also don't let users input HTML within their profile description.
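The fix described in the answer above, as an added example (not Plone's code and not from the original posts): a generic registration handler that never stores a password submitted with the join request when email confirmation is required, plus the profile-description check. `register`, `confirm`, `clean_description`, the field names and the sample request are all hypothetical.

```python
import hashlib
import html
import os
import re
import secrets

JOIN_FIELDS = ("username", "email")  # hypothetical: all the public form may set
LINK_RE = re.compile(r"(?i)https?://|\bwww\.|<\s*a\b")

# Constructed request of the kind described above: it carries its own password.
BOT_FORM = {"username": "bot1", "email": "bot1@example.com", "password": "x"}

def register(form, users):
    """Create an inactive account; a submitted password is never stored."""
    user = {f: str(form.get(f, "")).strip() for f in JOIN_FIELDS}
    if not user["username"] or "@" not in user["email"]:
        raise ValueError("username and email are required")
    user.update(pw_hash=None, active=False, token=secrets.token_urlsafe(32),
                # This form has no password field, so flag clients that send one.
                sent_password="password" in form)
    users[user["username"]] = user
    return user

def confirm(users, username, token, new_password):
    """Activate only with the mailed token; the password is chosen here."""
    user = users.get(username)
    if not user or user["active"]:
        return False
    if not secrets.compare_digest(user["token"].encode(), token.encode()):
        return False
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
    user.update(pw_hash=(salt, digest), active=True, token=None)
    return True

def clean_description(text):
    """Reject link spam; return the text escaped so no HTML is rendered."""
    if LINK_RE.search(text):
        raise ValueError("links are not allowed in profile descriptions")
    return html.escape(text)
```

Accounts created with `sent_password` set are candidates for review or cleanup, since that signal depends on the request itself rather than on the mail domain.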

Protect WordPress login page

I have a WordPress site. Like with many WordPress sites I see people (probably robots) trying their luck at the login page every once in a while. However, for the past 2 weeks it’s been non-stop at a rate of 400-500 tries a day…
So I went ahead and took the following security measures:
Changed the login URL to something different than the regular /wp-admin.
Limit the number of login attempts per URL and also automatically block any IP trying to login with an invalid username such as “test” or “admin”.
Set up two factor authentication to make sure that even though they tried they would not manage to get in, even if they guessed the username and password.
However that didn’t seem to do much and I’m still seeing a huge number of login attempts, so next thing I did was:
Password protect the login URL itself.
And still I’m seeing the same number of login attempts… now my questions are basically 2:
How are they managing to still try their luck at the login form even if that page is password protected?
Is there anything else I can do about it?
Cloudflare offers a free entry level plan that may help reduce some of this traffic before it gets to your site. Also, their $20/month plan (as of Aug 2017) can be paired with their WordPress plugin to use their built-in WordPress rulesets. CloudFlare also has a few more settings to allow you to put a few more filters and road blocks in front of specific types of traffic.
If you do choose to use CloudFlare with WordPress, be sure you understand exactly how/if you are choosing to push content into the CloudFlare CDN (content delivery network) and how that relates to the content cache on your site.
Standard disclaimer: I have no relationship with CloudFlare except as a customer.
