Support

You have entered your IP address in the administrator IP whitelist or one of the "never block these IPs" lists in the Configure WAF page. As documented, this means that absolutely no protection is taking effect for your IP, including the administrator secret word protection. Therefore the honeypot didn't break your firewall.

I have enabled the honeypot integration for this site ever since I introduced that feature and I am pretty darn sure that the firewall does work. Especially regarding the administrator key, please try accessing the administrator URL on this site. Do you see what I mean? Just for sanity's sake, I tried to reproduce your issue on another 7 servers. In all cases, enabling the Project Honeypot integration does not have any effect whatsoever on the operation of the firewall. Possible causes:
- You've entered your IP or a block of IP addresses in one of the whitelists I mentioned
- You have a partial installation of Admin Tools
- The Admin Tools system plugin is either disabled, or is not the first one to load (if unsure give it an order of -30000 or another very high negative number)
- Your site is behind a reverse proxy which doesn't forward the visitor's IP transparently. In this case, all visitors to the site are assigned the same IP and Admin Tools' IP-based protection features no longer work. This usually happens when you put Nginx in front of Apache without configuring the IP forwarding properly.
- The PH integration uses DNS lookups (that's how PH works). If, for any reason, that doesn't work it is possible that the page will time out. However, in this case, you would get a blank page or an error page. It would certainly not just turn off the firewall.

You can also try disabling the Project Honeypot integration and test if the firewall is still disabled. I can't replicate this issue on any other site (and nobody else has reported something like that), so I believe it's not a bug. Besides, looking at the code, there is no way enabling the PH integration could disable the firewall. It would be the equivalent of saying that your car's parking brake no longer working when you use the cigarette lighter. Just like these two subsystems are completely isolated from each other in a car, PH integration and all of the other features you mention are also separate from each other. The only way there could be an interference would be that PH reports the IP as belonging to a spammer/hacker. In this case no other firewall feature would run, but the request would be blocked. That's exactly how each individual feature of the WAF works; if an attack is identified, the request is blocked and nothing else runs on the site.