WordPress.org

Ready to get started?Download WordPress

Forums

All In One WP Security & Firewall
[resolved] Can't get 'cookie based brute force' feature to work (7 posts)

  1. jamminjames
    Member
    Posted 1 month ago #

    When I tried setting up the 'cookie based brute force' feature, here's what happened:

    I did the cookie test, and passed. Then, I set up a 'secret word' and checked the box to enable it and saved.

    Now, when I go to the url (http://www.yoursite.com/?yoursecretword=1), it brings up my home page, not a login page. So, I clicked the login link on my page, but that goes to the http://127.0.0.1 page.

    Trying the secret word on the wp-login.php page doesn't work either.

    So, how do I get to the login?

    Also, I would need this to work for other contributors to my site. So, if I give them the secret word and tell them to append it to the site url, will it work for them?

    https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

  2. wpsolutions
    Member
    Plugin Author

    Posted 1 month ago #

    Did you copy and paste the exact special URL which was given to you by this plugin when you enabled that feature?

  3. jamminjames
    Member
    Posted 1 month ago #

    Yes, definitely. Made sure of it, tried a couple times, on different computers, flushing the cache, etc.

    I did have Ajax login, but disabled that plugin, and it made no difference.

  4. jamminjames
    Member
    Posted 1 month ago #

    Also, when I hit the 'Account Activity Logs' tab in the User Login section, I get a "Forbidden - You don't have permission to access /wp-login.php on this server." The url at that point is http://www.humortimes.com/wp-login.php?redirect_to=http://www.humortimes.com/wp-admin/admin.php?page=aiowpsec_userlogin&aiowps_login_msg_id=session_expired

  5. jamminjames
    Member
    Posted 1 month ago #

    I think that last thing has to do with the cache, when I came back later it was ok. I had that happen again somewhere else in the admin for the plugin. I had just logged back in, after being forced to, because I had it set to allow only an hour logged in at a time.

    I would still like help with the original problem, the 'cookie based brute force' feature, however...

  6. mbrsolution
    Member
    Posted 1 month ago #

    Hi @jamminjames in some cases the Cookie Based Brute force might not work well with current server settings. Please try and enable the "rename login page" feature.

    Kind regards

  7. jamminjames
    Member
    Posted 1 month ago #

    I have back end access to my server and I checked it out. Indeed, logs show that the secret key I chose for the Cookie based feature was too long, there's a setting limiting that. I'll try it out with a shorter one.

Reply

You must log in to post.

About this Plugin

About this Topic