[Defender Pro] Defender not honouring IP Whitelists – blocking 404's to cleared caches from w

Hi,
Defender has a number of whitelisted IP’s however it keeps blocking thyem still as we have a cache on the site (Hummingbird) and also Divi (which I believe caches it’s CSS and JS) when visitors to the site try to access the site after the cache has been reset they get locked out, because the cache no longer exists it is returning a 404.
I have whitelisted the folder path /wp-content/cache and wp/et-cache but should defender not be honouring the whitelisted IP addresses regardless of the 404’s?

  • Adam
    • Support Gorilla

    Hello Dan

    I hope you’re well today and thank you for your question!

    Defender should be using IP whitelists for all kind of possible lockouts it could enforce – whitelist should exclude given IP from “Login Protection” bans and “404 Detection”-triggered bans too.

    However, I think we might be dealing with something a bit more complex here. What’s bothering me is that, as you mentioned, that clearing cache causes 404 hits – this should never happen. Hummingbird’s Page Cache (and, for that matter, any other plugin/theme cache) works that way that if cache is cleared either not-cached version is served to the browser (including all necessary assets served “live”:wink: and then right away cache is re-created for related resources or related cache is regenerated upon requests and then cached version is served to the browser (using freshly created cache).

    It’s always one way or another, depending on caching tool. Unless there’s something more involved that “breaks’ that process. Quite often it’s some sort of an additional cache that’s either “built-in” into theme or some other plugin (“hard coded” so not even possible to clear easily) or it’s some “non-standard” way of serving assets by theme or some plugin(s) or some server-side/CDN cache.

    I would say that this is most likely the case and I suppose it might actually be some additional cache or “cache-like feature” because apart from the “404” situation that should never be happening after clearing cache, it does seem like white-list is not taken into account. That might mean that whitelist data are not properly fetched or that actually “lockouts got cached somewhere”.

    I’m aware that this sounds a bit “messy” and not really “conclusive” but the bottom line is that I believe there’s something more into it than just “whitelists not being honored by Defender”. The fact that there are 404-hits after cache clearing and that whitelist is not working for them – it’s not right and expected and seems to me like specific to setup and/or server.

    Would you mind me taking a closer look at your site’s configuration? It could help me get more insight into what’s happening exactly and why and that would be helpful in finding solution (or diagnosing a bug in the plugin if it is indeed a bug that we weren’t yet aware of).

    To grant a support access so I could check it, please go to the “WPMU DEV -> Support -> Support Access” page in site’s back-end, click on “Grant support access” button there and let me know here once it’s done as I won’t be notified automatically.

    I’ll then check the site (I won’t make any changes without your consent!) and see what to do next to deal with the issue.

    Best regards,
    Adam