For those who are familiar with the All In One WP Security and Firewall plugin, you will already know about one of the existing features called Login Lockdown which is located in the User Login menu.
This feature will “lockdown” or “lock out” any IP address which attempts to login to your WordPress site but matches the criteria of the Login Lockdown settings such as exceeding the maximum failed login attempts or using a username which does not exist in any of your WordPress accounts. The feature also has a release time setting which will unlock that IP address after the configured time has elapsed.
Although the Login Lockdown feature has a configuration item which allows a user to unlock themselves, people were still having issues with the frustration of being regularly locked out because they forgot their username or password, or repeatedly miss-typed one or both of these. Therefore after some requests from people in the wordpress.org forums I have implemented a new Login Lockdown whitelist feature.
The feature is quite simple in the way it works – basically you can enter some IP addresses or address ranges into the settings of this new feature and these IP addresses will then be permanently immune from being blocked by the Login Lockdown feature. This means that even if you exceed the maximum failed login attempts or do anything else which the Lockdown feature would normally lock you out for, you will not be locked out.
Below is a summary of how to use this feature:
1) Go to the Login Lockdown settings page
2. From the Login Lockdown settings page scroll down till you see the “Login Lockdown IP Whitelist Settings” section. In this section, configure your settings and save them. (see figure below)
(NOTE: the whitelist settings described above will only work if you have enabled the Login Lockdown feature.)
And that’s it! Once you have enabled the Login Lockdown whitelist settings and configured the relevant IP addresses, you and your friends/colleagues will be immune from being locked out by the Login Lockdown feature.
This feature will be available in the next release (4.2.6) of the All In One WP Security and Firewall plugin.