All In One WP Security & Firewall
[resolved] Brute Force Prevention breaks access to dashboard from WordPress bar menu (5 posts)

  1. Samuel Aguilera
    Member
    Posted 6 months ago #

    If you activated the brute force prevention you can't use the WordPress bar menu to access the dashboard. That can be frustrating for some users.

    But it has an easy solution :)

    The first rule for brute force prevention is:

    RewriteCond %{REQUEST_URI} (wp-admin|wp-login)

    To allow the use of the access to dashboard from the WordPress bar menu, simply change to:

    RewriteCond %{REQUEST_URI} (wp-login.php)

    And the brute force prevention remains intact, because in fact, we only need to protect wp-login.php, above paths are only shortcuts to this file when the user is not logged in.

    I hope you can consider this change for the next release.

    http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

  2. wpsolutions
    Member
    Plugin Author

    Posted 6 months ago #

    If you activated the brute force prevention you can't use the WordPress bar menu to access the dashboard.

    We tested the scenario you mention when we were implementing this feature and we made sure this works - and I can confirm that it does.
    As a matter of fact I just tried another test now on my site and the WordPress menu bar on the front end works fine when the brute force feature is enabled.

    Something else must be causing this on your site. Have you tried disabling all firewall rules to see if the menu bar works? (Also I would try with only the brute force feature active and all other rules disabled)

    Are you using any other plugins which are modifying your .htaccess file?

  3. Samuel Aguilera
    Member
    Posted 6 months ago #

    Not using any other plugin that modifies the .htaccess file.

    Only disabling the brute force prevention allows me to access the dashboard using "www.example.com/wp-admin/" (that is the link on the WP admin bar menu), with brute force prevention enabled I get redirected to 127.0.0.1.

    The only way I have to use "www.example.com/wp-admin/" while brute force prevention is active is using the modified rule that I posted above.

  4. mra13
    Member
    Plugin Author

    Posted 6 months ago #

    Is there a particular link in the admin bar that doesn't work or all the links in the wp admin bar don't work for you?

  5. Samuel Aguilera
    Member
    Posted 6 months ago #

    Well after more testing I found that this only happens when the cookie is expired.

    And by the way, enabling this method breaks the links in the emails for comment moderation too.

    For example, you can use this link when you receive an email to moderate a comment:

    http://www.example.com/wp-admin/comment.php?action=approve&c=xxxx

    But anyway I suppose that it's a side effect of this protection method and not a bug...

    Thank you again for your support!
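
A small checker for the behaviour discussed in this thread, added here as an example and not part of the original posts or the plugin's code: it evaluates a RewriteCond chain against sample requests to show which URLs the original and the modified first rule gate. Only the first RewriteCond of each set comes from the thread; the cookie condition and the cookie name `bf_secret` are assumptions.

```python
import re
from urllib.parse import urlsplit

# Only the first RewriteCond in each set is from the thread. The cookie
# condition and the cookie name "bf_secret" are assumptions for illustration.
ORIGINAL = """
RewriteCond %{REQUEST_URI} (wp-admin|wp-login)
RewriteCond %{HTTP_COOKIE} !bf_secret= [NC]
"""
MODIFIED = """
RewriteCond %{REQUEST_URI} (wp-login.php)
RewriteCond %{HTTP_COOKIE} !bf_secret= [NC]
"""

COND = re.compile(r"RewriteCond\s+%\{(\w+)\}\s+(!?)(\S+)(?:\s+\[([^\]]*)\])?")

def parse_conds(text):
    """Return (variable, negated, compiled pattern) per RewriteCond line."""
    conds = []
    for line in text.strip().splitlines():
        m = COND.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unsupported directive: {line!r}")
        var, neg, pattern, flags = m.groups()
        nocase = "NC" in [f.strip().upper() for f in (flags or "").split(",")]
        conds.append((var, bool(neg), re.compile(pattern, re.I if nocase else 0)))
    return conds

def is_blocked(rules, url, cookie_header=""):
    """True when every condition holds (implicit AND), so the redirect fires."""
    # REQUEST_URI is the path only; mod_rewrite excludes the query string.
    env = {"REQUEST_URI": urlsplit(url).path, "HTTP_COOKIE": cookie_header}
    for var, negated, rx in parse_conds(rules):
        if (rx.search(env[var]) is not None) == negated:
            return False  # this condition failed, so the rule does not apply
    return True

if __name__ == "__main__":
    samples = [  # constructed requests, based on the URLs quoted in the thread
        ("http://www.example.com/wp-admin/", ""),
        ("http://www.example.com/wp-admin/comment.php?action=approve&c=xxxx", ""),
        ("http://www.example.com/wp-login.php", ""),
        ("http://www.example.com/wp-login.php", "bf_secret=1"),
        ("http://www.example.com/my-wp-admin-tips/", ""),
    ]
    for url, cookie in samples:
        print(f"{url:68} cookie={cookie or '-':12} "
              f"original={is_blocked(ORIGINAL, url, cookie)} "
              f"modified={is_blocked(MODIFIED, url, cookie)}")
```

Because RewriteCond patterns are unanchored regular expressions, the original rule also gates any path that merely contains `wp-admin`, as the last sample shows.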
