Beginning with Solid Security versions 9.3.2 (Basic) and 8.4.1 (Pro), certain Solid Security modules are disabled when an IP Detection method has not been configured in Global Settings.
In this situation, a "Feature not available" notice (pictured below) will be displayed for the following modules:
- Ban Users
- Local Brute Force
- Network Brute Force
Additionally, the Firewall and CAPTCHA modules will operate with reduced functionality while in this state.
How Can I Restore Full Functionality?
To re-enable bans and lockouts, navigate to Security > Settings > Global Settings (tab), then scroll to IP Detection and select the Proxy Detection method that matches your server setup.
The simplest option is to choose "Security Check Scan (Recommended)", which causes your site to connect to an API provided by SolidWP.
Note: Users of Solid Security Basic must enable "Security Check Pro" at Security > Settings > Features > Utilities (tab) for the "Security Check Scan (Recommended)" option to appear.
The system then automatically detects the method that works for your current scenario and updates your Solid Security configuration accordingly. This operation then repeats on a regular basis to ensure that the correct configuration is in place even if changes are made to your hosting setup.
Alternatively, if you know how your site connects to the internet, you may choose from the following Proxy Detection options:
- Disabled - choose this option when your site connects directly to the internet and is not behind a proxy.
- Manual - choose this option if your site is behind a proxy and you know which HTTP header format your proxy uses to supply the IP address information for visitors.
Why Does the IP Detection Method Matter?
Protecting your site from malicious users by banning them and/or locking them out requires that Solid Security is able to accurately determine their IP addresses. This is straightforward as long as your site connects directly to the internet.
If your site is behind a proxy server, however, Solid Security must rely upon IP address information contained in HTTP headers supplied by the proxy.
Proxy servers are commonly used to improve performance, for example as caching solutions (e.g. Cloudflare) and load balancers. They are also used for external security, for example as web application firewall (WAF) solutions.
Why Not Just Read the Proxy Headers?
Earlier versions of Solid Security provided an option to read the supplied proxy headers in a predetermined order to discover the IP addresses of visitors. This was labeled "Automatic" proxy detection, and was essentially equivalent to how most other systems worked. Malicious actors ultimately realized that it was trivial to spoof their IP addresses by supplying false HTTP headers, so Solid Security added the "Insecure" label to this option.
To give users a more accurate understanding of the risks and implications of using this configuration, Solid Security now disables lockouts and bans when it has not been configured to detect the IP addresses of visitors accurately.
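The difference between the old "Automatic" behaviour and the "Disabled" and "Manual" options described above can be shown in a few lines of PHP. This is an added illustration, not Solid Security's code; the function names, the header list and its order, the single-proxy assumption and the sample addresses are all constructed for the example.

```php
<?php
// Added illustration, not Solid Security's code. Function names, header order
// and sample addresses (RFC 5737 documentation ranges) are constructed.
const AUTO_HEADERS = ['HTTP_CF_CONNECTING_IP', 'HTTP_X_REAL_IP', 'HTTP_X_FORWARDED_FOR'];

// Return the trimmed value if it is a syntactically valid IP address, else null.
function valid_ip(?string $value): ?string {
    $value = trim((string) $value);
    return filter_var($value, FILTER_VALIDATE_IP) !== false ? $value : null;
}

// "Disabled": the site faces the internet directly, so only the TCP peer counts.
function ip_disabled(array $server): ?string {
    return valid_ip($server['REMOTE_ADDR'] ?? null);
}

// Old "Automatic" behaviour: the first header that parses wins, whoever sent it.
function ip_automatic(array $server): ?string {
    foreach (AUTO_HEADERS as $key) {
        $first = explode(',', $server[$key] ?? '')[0];
        if ($ip = valid_ip($first)) {
            return $ip;
        }
    }
    return ip_disabled($server);
}

// "Manual": read only the one header the known proxy sets. For a list header,
// take the last entry, which the nearest proxy appended (assumes one proxy).
// No fallback: behind a proxy, REMOTE_ADDR is the proxy itself, and banning
// that address would lock out every visitor.
function ip_manual(array $server, string $key): ?string {
    $parts = explode(',', $server[$key] ?? '');
    return valid_ip(end($parts));
}

// Constructed request 1: site directly on the internet, client adds a header.
$direct = ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'];
// Constructed request 2: one proxy (192.0.2.10) appends the real peer address
// to whatever X-Forwarded-For value the client supplied.
$proxied = ['REMOTE_ADDR' => '192.0.2.10',
            'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 203.0.113.50'];

printf("direct  / automatic: %s\n", ip_automatic($direct));
printf("direct  / disabled : %s\n", ip_disabled($direct));
printf("proxied / automatic: %s\n", ip_automatic($proxied));
printf("proxied / manual   : %s\n", ip_manual($proxied, 'HTTP_X_FORWARDED_FOR'));
```

For both constructed requests, "Automatic" reports the client-supplied 198.51.100.7, while "Disabled" and "Manual" report 203.0.113.50, the address that actually connected. A ban or lockout keyed on the "Automatic" result would therefore land on an address the visitor chose.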