Problem with cookie-based brute force protection

  • Resolved boybawang

    (@boybawang)


    1 month, 2 weeks ago

    Hello –

    I have cookie-based brute force protection enabled. For some reason, setting the secret code ({site_url}?{secret_word}=1) doesn’t work. I then have to place the following in wp-config.php to be able to log in:

    define(‘AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION’, true);

    What is the name of the cookie that should be placed in my browser? I’d like to see if it’s being placed there. I’m using Google Chrome.

    I have the option enabled for My site has a theme or plugins which use AJAX:, but I would hope this isn’t the issue.

    Thanks

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    1 month, 2 weeks ago

    Hi @boybawang,

    The secret word needs to be used here. Please let me know if you still can’t log in after using it.

    Could you also check that cookies are enabled in your browser?

    https://snipboard.io/r4mGsA.jpg

    Regards

    Thread Starter boybawang

    (@boybawang)

    1 month, 2 weeks ago

    @hjogiupdraftplus – Yes, I have cookies enabled in my browser and verified that I’m using the secret password in that field. I still have problems logging in when I set that cookie. What is the name of the cookie? I’d like to search my browser and see if it’s set.

    EDIT: When I viewed Chrome Dev Tools (Network tab), it showed that the URL for the cookie is being blocked (403 Forbidden). When I deactivate the AIOS plugin, that same URL is not blocked. It shows a 200 header response.

    EDIT2: If I disable the option for Enable IP whitelisting within the Login whitelist tab, it works fine. Is this a known issue?

    • This reply was modified 1 month, 2 weeks ago by boybawang.
    • This reply was modified 1 month, 2 weeks ago by boybawang.
    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    1 month, 2 weeks ago

    Hi @boybawang,

    If you have the Brute Force → Login Allowlist feature enabled, accessing the site using {site_url}?{secret_word}=1 may show a 403 Forbidden error if you’re connecting from an IP address that isn’t on the allowlist.

    Please check your IP address using https://whatismyipaddress.com/ if you are accessing it through a browser. You may use the constant below to disable it.

    define( 'AIOS_DISABLE_LOGIN_WHITELIST', true );

    Regards

    Thread Starter boybawang

    (@boybawang)

    1 month, 2 weeks ago

    @hjogiupdraftplus – If I’m the only person who logs into my site, should I just disable the Enable IP whitelisting within the Login whitelist tab?

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    1 month, 2 weeks ago

    Hi @boybawang,

    If you do not have a static IP address ( same all the time ) internet connection. You should disable the Login whitelist feature.

    If the IP address does not match, it will show the 403 error.

    Regards

    Thread Starter boybawang

    (@boybawang)

    1 month, 2 weeks ago

    OK, thank you @hjogiupdraftplus

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    1 month, 2 weeks ago

    Hi @boybawang,

    Would you mind writing a quick five-star review on wordpress.org?

    https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post

    Reviews also help others to make confident decisions about our plugin.

Viewing 7 replies - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.