Site Manager Firewall and IP Management

Each Site Manager account includes automatic brute force protection to secure your admin login from unauthorized access attempts. The system features progressive blocking that escalates from temporary restrictions to permanent server-level blocks, while allowing administrators to whitelist trusted IPs for reliable access.

Accessing IP Management Tools

To monitor and manage blocked IPs, navigate to: Administration → Security → Blocked IP Addresses

This unified interface displays all IP blocking activity and provides management tools for different types of blocks.

Understanding Block Types

The firewall system categorizes IPs into three main types:

1. Manual Blocks

These are IPs manually blocked by administrators for spam, abuse, or other security reasons.

  • Block Types: All Access, Website Only, or Site Manager Only
  • Management: Can be edited, deleted, or converted to whitelist entries
  • Use Case: Blocking known malicious IPs or problematic visitors

2. Brute Force Blocks

Automatically created when IPs exceed failed login attempt thresholds.

  • Temporary Blocks: Triggered after 5 failed attempts in 10 minutes
  • Permanent Blocks: Applied after 3 temporary blocks (added to server firewall)
  • Management: Can be cleared or whitelisted, but not edited
  • Progression: Failed attempts → temporary block → permanent CSF block

3. Whitelisted IPs

Trusted IPs that bypass all firewall rules and blocking mechanisms.

  • Purpose: Prevent administrator lockouts and ensure reliable access
  • Scope: Bypasses both manual blocks and brute force protection
  • Management: Can be edited with descriptions and expiration dates
  • Safety Feature: Essential for testing and configuration changes

Brute Force Protection Details

The automatic protection system works as follows:

Detection Thresholds:

  • 5 failed login attempts within 10 minutes triggers temporary blocking
  • 3 temporary blocks results in permanent server-level blocking via CSF
  • Blocked IPs cannot access the login form until the restriction expires or is cleared

Progressive Escalation:

  1. First 4 attempts: Login allowed with warning message showing remaining attempts
  2. 5th attempt: Temporary block activated, login form disabled
  3. After multiple temporary blocks: Permanent CSF firewall block applied
  4. Permanent blocks: Require administrator intervention to remove

Managing IP Access

Blocking an IP Address

To manually block an IP:

  1. Click "Create Manual Block"
  2. Enter the IP address and select restriction type
  3. Add a description explaining the reason for blocking
  4. Choose scope: All Access, Website, or Site Manager only

Whitelisting an IP Address

To protect an IP from all blocking:

  1. Click "Whitelist IP Address"
  2. Enter the IP and descriptive reason
  3. Optionally set an expiration date
  4. Enable "Clear Existing Blocks" to remove any current restrictions

Recommendation: Always whitelist your primary administrative IPs to prevent accidental lockouts during testing or password recovery.

Clearing Brute Force Blocks

For IPs blocked by failed login attempts:

  • Clear All Blocks: Removes the IP from all firewall tables
  • Add to Whitelist: Converts the blocked IP to a trusted whitelist entry
  • Historical blocks: Remain visible for security auditing but don't affect access

Action Options by Block Type

Manual Blocks: Edit, Delete, Add to Whitelist Brute Force Blocks: Clear All Blocks, Add to Whitelist
Whitelisted IPs: Edit, Remove from Whitelist

Best Practices for IP Management

To maintain security while ensuring reliable access:

  • Whitelist office/admin IPs: Add your primary administrative IP addresses to prevent lockouts
  • Monitor brute force activity: Review blocked IPs regularly to identify attack patterns
  • Clear legitimate blocks promptly: Help users who may have triggered blocking accidentally
  • Use descriptive notes: Document reasons for manual blocks and whitelist entries
  • Set whitelist expiration: Use temporary whitelist entries for contractors or temporary access

Understanding the Interface

The IP management interface displays:

  • IP Address: The blocked or whitelisted address
  • Block Type: Color-coded badges showing Manual (blue), Brute Force (yellow), or Whitelisted (green)
  • Description: Reason for blocking or additional details
  • Last Updated: When the entry was created or modified
  • Actions: Management options appropriate for each block type

Troubleshooting Access Issues

If you're locked out of your admin panel:

  • Check if your IP changed: Internet providers sometimes rotate IP addresses
  • Use an alternate connection: Try accessing from mobile data or a different network
  • Contact support: Our team can clear blocks or add whitelist entries remotely

Need Help?

For questions about IP blocking, whitelist management, or if you're experiencing access issues, contact our support team anytime. We can help identify problematic IPs, adjust firewall settings, or provide emergency access restoration.

The firewall system is designed to provide robust security while maintaining administrative flexibility - proper use of whitelist entries ensures you'll always have reliable access to manage your site.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Resetting Your Site Manager Password

The Site Manager has two types of accounts: The Administrator Account, which uses a username...

Web Statistics Not Working

Web statistics are shown based upon the domain that is used to access the Site Manager. Would you...

Changing your password

To change your Site Manager password, go to the account menu in the top right of the header area...

Secure certificates and content

Your website has a secure certificate installed and may be viewed using "https".When your website...

Custom code

Custom code can be entered in a few ways:1) To add code inside the Head tags, go to...