IP restrictions

Hey guys,

I’m having an issue with my 5 limit IP restriction and was wondering if you guys could point me in the right direction on what to do.

We are really happy and want to stay with a 5 IP address limit for the 30 day period on the site. Before we switched to wordpress (and s2member), we had many people sharing login info which defeats the purpose of having a paid subscription site.

Since we’ve switched we have had a decent number of people that still reach that 5 ip address limit, and according to the log-in log (also speaking with our customers directly) they only use 3 or 4 devices tops to view the site. I began to do some research on mobile devices and how IP addresses are handled over a 3g or 4g network, and I came to find out that most networks will use what’s called a Dynamic IP address for access via 3g or 4g, making the ip address different for every connection.

This causes a big problem for many of our subscribers. Mobile access is huge. We feel if we raise the over-all limit to more than 5 IP address, that this may allow more account sharing, which we want to put an end to.

But with the dynamic IP Address thing, this hinders users from being free to view the site on the go from their mobile device.

From what I’ve seen, there is no way for s2member to restrict IP address use on a per member basis. In other words, is there any way we can specify (by user) a IP limit. Because we have users that we trust and are not sharing, but would like to potentially give them a higher IP limit.

Do you have any other suggestions on how we can keep our content safe, but still give people more freedom in the mobile department?

Thank you!

Hi Cheryl,

s2Member currently doesn’t have this feature built-in, but you can do this through PHP. s2Member uses the following line of code in it’s IP Restriction processes that allows you to disable a specific IP restrction.

!apply_filters("ws_plugin__s2member_disable_specific_ip_restriction", false, get_defined_vars())

Something like this might work for you:

Bruce,
Thanks for the reply and thanks for the code snippet.

I would also like to know your thoughts on account security. One of the biggest problems that we’ve had in the past is finding out we had MANY people sharing accounts. We want to try and stop this as much as possible, and we had initially thought that the IP restriction would work great.

However we are getting many subscribers that are reaching their limits and my belief is that it’s because of the mobile devices and how they are dealt a unique (dynamic) ip address upon every connection over a 3g or 4g network.

Right now we are limited to 5 IP, which doesn’t seem to last long especially for our travelers. What we really want is to just keep people from sharing their accounts with other people to get our content. Is there a different way that we secure user accounts than by ip address?

I’m sorry to keep bringing it up. Thanks for your input.

Hi Cheryl,

IP restrictions really are a tricky situation with dynamic IPs now with so many people accessing sites on mobile devices. There’s no real solution to this that I’m aware of. You really have to decide whether having your site protected or serving customers with dynamic IPs is more important. This is something that all sites really have to deal with at one point or another, and there’s really no good way to allow both to happen at the same time.

Perhaps you could check if the user’s using a mobile browser, and disable IP logging then? Use this line to temporarily turn off IP restrictions:

add_filter('ws_plugin__s2member_disable_all_ip_restrictions', '__return_true');

Bruce,

I appreciate your response and honesty. We will decide what best suites our sites needs.

Thank you!

Bruce,

Again, I’m having more and more people complaining (and leaving) as members of our site due to this issue. I am actually working for the owner of the site, and he wants nothing less than a 5 IP limit, however, wants everyone to be able to access the site via mobile (as they should). I’ve expressed that there is nothing that pleases both sides (as you suggested in your previous response), and that just frustrates him.

Do you have others that struggle with this? And if so, how are they dealing with it?

Any thoughts? I’m sorry if I’m being a pain, but we just want to know the best solution.

Thank you!

Thanks for your great question.

I’m afraid I have not seen any details on how other users are dealing with this, other than just either disabling IP restrictions. Normally mobile devices would not cause this much trouble, so this problem is not normally a big problem.

Although s2Member’s processes currently cannot support this kind of restriction, but you could try using the code sample I posted in my last response to work around your current problem.

add_filter('ws_plugin__s2member_disable_all_ip_restrictions', '__return_true');

I have heard about the application Tera-WURFL, which may be useful for detecting mobile devices. It has somePHP files you can download with information that you can use to decide when to disable IP restriction with the above.

Alternatively, you may want to check out this article on Lightweight Device Detection.

Thanks for the response!

All of that info is greatly helpful. Thank you.

I have another idea of doing a 24hr restriction period versus a 30 day on the IP restriction. Where would one change that in the code?

Also, do you know of a way that we can list users based on their login activity? We are using S2stats to track login activity, but I’m wondering if there is a way to list them in the user dashboard based on who logins the most?

If we can see who is logging in the most, we can set our daily IP restriction based on those numbers?

Any suggestions?

Thanks for your reply.

I have another idea of doing a 24hr restriction period versus a 30 day on the IP restriction. Where would one change that in the code?

s2Member has a filter available for editing the amount of time that the IP restrictions last for, available within Dashboard -› s2Member® -› Restriction Options -› Unique IP Access Restrictions.

See: Knowledge Base » Hacking s2Member® Via Hooks/Filters

Also, do you know of a way that we can list users based on their login activity? We are using S2stats to track login activity, but I’m wondering if there is a way to list them in the user dashboard based on who logins the most?

If we can see who is logging in the most, we can set our daily IP restriction based on those numbers?

s2Member logs this information in your database in your options table. If you’d like to find info on where s2Member stores this information, you can find these processes within /s2member/includes/classes/ip-restrictions.inc.php.

As far as the s2Stats plugin goes, I am unaware of feature that would allow you to do this. I’d recommend asking the developers behind this plugin.

So I’ve attempted at adding a filter and I’m not a php wizard!

This is an attempt to change the IP restrictions length from 30 days to 24 Hours. Does this look about right?

<?php
add_filter("ws_plugin__s2member_ip_restrictions__concurrency_time_per_ip", "set_new_restrict_period");
function set_new_restrict_period($original_value, $vars = array())
	{
		if($original_value !== "24 Hours")
			return ($my_custom_value = "24 Hours");
 
		else # Return original value.
			return $original_value;
 
	}
?>

This is in my mu-plugins folder.

Will this do the trick?

Also, I’m wanting to set up an email to be sent to me when someone does reach their Limit.

I’m assuming that you set that up using an action filter with ‘ws_plugin__s2member_before_ip_restrictions_ok’
, but how can I include the user’s info in that email so I can research what happened? Is that possible?

Thanks for your help! Greatly appreciated!

That’s about as far as we can go on custom coding. We’ll be happy to provide you with more leads on where to find certain things, or to share ideas with you, but we can’t debug any custom code that you end up with; due to time constraints :-) Please see: s2Member® » Support Policy » Within Scope for some clarification on this. Thanks!

i understand. NO worries, I wasn’t asking for a debug. Just wanted to know if it looked like I was on the right track.

Thanks for all of your help.