10up / restricted-site-access

Limit access to visitors who are logged in or allowed by IP addresses. Includes many options for handling blocked visitors.
http://10up.com/plugins/restricted-site-access-wordpress/
GNU General Public License v2.0

Able to get to site from ip outside what is allowed #324

Closed austin0987654321 closed 2 months ago

austin0987654321 commented 3 months ago

Describe the bug

When caching is on, people are still able to view/get to the site from outside the specified IP addresses. This happens both with machines that have been on the network and moved to a different network outside of the specified IPs, and with machines that have never been on the network.

It is hit and miss, but out of 6 different machines, both ones that have been on the network before and ones that have not been on the network before, about 1 out of 3 will be able to get to the site from outside the specified IPs.

Workaround: currently we have caching off, and it seems to be working correctly now, but it is super slow, as one could imagine.

Steps to Reproduce

Have machines try to get to the site from outside the IP range, and try on multiple different machines, at least 10 different machines. Try in standard browsing mode and in incognito or private browsing.

Screenshots, screen recording, code snippet

[Screenshots: ipaddresses-allowed, ipaddress-and-access]

Environment information

Windows 10 and 11 and macOS. Using Chrome across multiple different devices, including phones.

WordPress information

WordPress 6.5.5, PHP 8.2, Restricted Site Access plugin version 7.5.1



Sidsector9 commented 2 months ago

@austin0987654321 what kind of caching is implemented on your site? Let us know if you're using any WordPress plugins, it'll help us narrow down the problem, thanks!

austin0987654321 commented 2 months ago

We currently use Flywheel for hosting and we have caching disabled through them, as the plugin does not work with caching turned on. We are not using any plugins for caching, but below is a list of plugins we use. They are all up-to-date and working as they should be.

[image]

Sidsector9 commented 2 months ago

Okay, looks like page caching. This plugin is incompatible with some page caching solutions. We have documented it here. I am closing the issue as unfixable. Please feel free to reopen if needed.
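
The interaction discussed in this thread, as an added example that is not code from the plugin or from the host: a minimal model of an application-level IP check sitting behind a shared page cache, showing why the reported behaviour is "hit and miss". The allowlist, client addresses, `origin`, `PageCache` and `replay` are all constructed for illustration, and the model assumes a cache keyed by path only that honours `Cache-Control: no-store`.

```python
import ipaddress

# Constructed allowlist and request sequence (documentation address ranges).
ALLOWED = [ipaddress.ip_network("203.0.113.0/24")]
SAMPLE_REQUESTS = [
    ("198.51.100.7", "/"),   # outside the allowlist, cache still cold
    ("203.0.113.10", "/"),   # allowed visitor, warms the cache
    ("198.51.100.7", "/"),   # same outside visitor again
]

def origin(client_ip, path, no_store=False):
    """Application-level check, standing in for a restriction enforced in PHP."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in ALLOWED):
        headers = {"Cache-Control": "private, no-store"} if no_store else {}
        return 200, headers, f"restricted content for {path}"
    return 403, {"Cache-Control": "no-store"}, "access restricted"

class PageCache:
    """Shared page cache in front of the origin, keyed by path only."""
    def __init__(self, no_store=False):
        self.store = {}
        self.no_store = no_store

    def get(self, client_ip, path):
        if path in self.store:
            # Cache hit: the origin, and therefore the IP check, never runs.
            status, body = self.store[path]
            return status, body, "HIT"
        status, headers, body = origin(client_ip, path, self.no_store)
        if status == 200 and "no-store" not in headers.get("Cache-Control", ""):
            self.store[path] = (status, body)
        return status, body, "MISS"

def replay(cache, requests):
    """Return (client_ip, status, cache_result) for each request, in order."""
    out = []
    for ip, path in requests:
        status, _body, result = cache.get(ip, path)
        out.append((ip, status, result))
    return out

if __name__ == "__main__":
    for label, cache in (("cached", PageCache()), ("no-store", PageCache(no_store=True))):
        for row in replay(cache, SAMPLE_REQUESTS):
            print(label, *row)
```

In the first run the outside address is refused while the cache is cold and served the stored page once an allowed visitor has loaded it; in the second run every request reaches the check, which corresponds to the reporter's workaround of turning caching off.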