New to the community? Start here

Tony G
Mr. LetsFixTheWorld
1,428 pts: Hero points 2,738 pts: Rep. points LEVEL 14

[Defender] Auto-whitelist current administrator

I’m logged-in to a site as an administrator with Firefox. I open Chrome to test a new NoCaptcha plugin. As I’m moving between login and registration pages, Defender blocks my IP address.

OK, so it’s doing what it should for someone who isn’t recognized. But I’m already logged in as an administrator. So I want my current IP to be whitelisted.

1) I will ask for an enhancement to auto-whitelist an IP that is used as a valid login to an administrator role. Or perhaps, whitelist whatever IP visits the Defender settings page.

2) To reduce the load on WPMU DEV staff, can someone just tell me what I can hook or what function I can call to perform this operation on my own? I can check is_admin of course, and get my own IP address. The next step would be to call the function in Defender that does whitelisting. I can add this into my own plugin.

Thanks.

Sun, 11 Mar 2018 22:31:25

Tony G
- Mr. LetsFixTheWorld
- 1,428 pts: Hero points 2,738 pts: Rep. points LEVEL 14
Note that my IP was blocked while I was already logged-in. Perhaps Defender can be made a little smarter? Check to see if the user is currently logged in before displaying the message “The administrator has blocked your IP from accessing this website.”

Is there a use-case where someone who is already logged in would need to be blocked out? I don’t think so but perhaps this could be another option.

This is especially true if the user is logged-in with the manage_options capability.
Nastia
- Ex Staff
- 7,591 pts: Hero points 11,172 pts: Rep. points LEVEL 28
Hello Tony G

Hope you’re doing well!

Thank you for your suggestion. It makes sense to auto-whitelist logged in admin’s IP address. Hopefully, more members will request this feature and our developers will consider developing it.

As for plugin’s hook, I’ve flagged this to our second level support developers so they could provide you some feedback. Please note, our developers’ response time is longer-than-normal compared to support staff response times.

Kind regards,

Nastia
Nathan
- Getting there
- 333 pts: Hero points 517 pts: Rep. points LEVEL 6
+1
Ivan Svyrskyi
- Developer
- 445 pts: Hero points 1,347 pts: Rep. points LEVEL 9
Hi Tony G and Nathan !

Until you wait when other members will request this feature and our developers will consider developing it – you could try adding the following snippet in a MU plugin ( more info about MU plugins is here )
```
<?php

function wpmu_defender_add_admin_to_whitelist( $user_login, $user ) {

if ( !empty( $user->ID ) && user_can( $user->ID, 'manage_options' ) && class_exists( 'WP_Defender' ) ) {

$ip = WP_DefenderBehaviorUtils::instance()->getUserIp();

WP_DefenderModuleIP_LockoutModelSettings::instance()->addIpToList( $ip, 'whitelist' );

}

}

add_action( 'wp_login', 'wpmu_defender_add_admin_to_whitelist', 10, 2 );
```
Best,

Ivan.
- Nathan
  - Getting there
  - 333 pts: Hero points 517 pts: Rep. points LEVEL 6
  Ooh thank you. Will give this a go! It’s always better safe than sorry, right?
- Tony G
  - Mr. LetsFixTheWorld
  - 1,428 pts: Hero points 2,738 pts: Rep. points LEVEL 14
  YEAH BABY – That is what I’ve been talking about! :slight_smile:
  
  Thanks Ivan !! That code will definitely be used in many places!
  
  I feel like a little kid, except, totally excited by code rather than a trip to toyland…
  
  (James Farmer – this is working!)

How do you rate me?

Thank you for rating your experience!