All In One WP Security & Firewall
[resolved] subsite lockout (8 posts)

  1. skaye123
    Member
    Posted 9 months ago #

    Greetings:

    First, thank you guys for an excellent plugin! I have enabled most of the features, scoring 230. I am running a multi-site install and seem to be locked out of my subsites now. I get redirected to http://127.0.0.1/ when selecting a subsite from the main site's dashboard (mysites>subsite>dashboard).

    Also, when I try to access the sub-site's admin/login panel, I get redirected to 127.0.0.1. I even tried to set the cookie using the secret word on the sub-site, but that doesn't seem to work; I just get the regular index page.

    Any ideas?

    http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

  2. skaye123
    Member
    Posted 9 months ago #

    Additional info:

    After unchecking the "brute force prevention", I do get the admin login page and I am able to log in and get back to the dashboard.

    The WP security tab is present; however, unlike my 230 score on the main site dashboard, I get a score of 50 on the subsite with all the options available to be selected?

    So my question is: is the WP security tab supposed to be available to subsites? And why the different scores?

  3. mra13
    Member
    Plugin Author

    Posted 9 months ago #

    Don't worry about the scores on your sub-site. The firewall rules are applied globally to your whole domain. The points are not showing because those feature checkboxes are unticked in the sub-sites, which is fine. This is due to how the .htaccess file is handled for a WPMS install.

  4. skaye123
    Member
    Posted 9 months ago #

    Okay. I'm really confused? This issue is marked "resolved" however nothing has been answered.

  5. mbrsolution
    Member
    Posted 9 months ago #

    Hello @skaye123 I understand your question. Please read the following.

    Your first question,

    Also, when I try to access the sub-site's admin/login panel, I get redirected to 127.0.0.1. I even tried to set the cookie using the secret word on the sub-site, but that doesn't seem to work; I just get the regular index page.

    Any ideas?

    Please have a read of the following links

    1 ) First link
    2 ) Second link

    Your second question,

    So my question is: is the WP security tab supposed to be available to subsites? And why the different scores?

    @mra13 answers
    Don't worry about the scores on your sub-site. The firewall rules are applied globally to your whole domain. The points are not showing because those feature checkboxes are unticked in the sub-sites, which is fine. This is due to how the .htaccess file is handled for a WPMS install.

    I hope the above answers your questions.

    Kind regards

  6. wpsolutions
    Member
    Plugin Author

    Posted 9 months ago #

    @skaye123,
    Just to clarify a few things.....

    When you have a multi-site installation things get a little complicated when you introduce things like firewall rules in the .htaccess file because a typical multi-site installation has a shared file system (and .htaccess file) across all sites.

    This is why for the subsites we have made some of the features which involve modifying the .htaccess file unavailable. As a result, since some of the features are disabled on the subsites, this will also be reflected in the security scores.

    Another thing to keep in mind is that if you activate any of the firewall rules from the main site, these will work on the subsites too due to the shared nature of the .htaccess file.

    The only caveat of this currently is that if you activate the "Brute Force Prevention" feature on the main site of a multi-site, then this will mean that access to the login/admin pages of subsites will be blocked unless people know the secret url password (or if they have the special cookie in their browser).

    So if someone from a subsite wanted to access their login page when the Brute Force feature is enabled, they would have to do the following:
    1) First type the URL of the main site together with the secret word:
    url_main_site.com/?secretword=1

    2) The above will deposit the special cookie in their browser but it will also redirect them to the login page of the "main" site

    3) Since they now have the special cookie in their browser, the plugin will allow them to access their subsite login page. So now they can type in their login page URL directly:
    url_subsite.com/wp-login.php

    I know it's a little confusing but that's how it currently works for multi-sites.
    I recommend you leave the brute force feature disabled if you think the above is too complicated.

    We will also introduce a better way of dealing with multisites for the brute force feature in future updates.
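
A small model of the three steps described in the post above, added here as an illustration; it is not the plugin's code. It goes slightly beyond the thread by applying standard browser cookie domain matching (RFC 6265) to show when step 3 reaches the subsite login page. The host names, `gate`, `Browser`, and the cookie's Domain attribute are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

SECRET_WORD = "secretword"          # placeholder name used in the post above
BLOCK_TARGET = "http://127.0.0.1/"  # where blocked requests are sent, per the thread
PROTECTED = ("/wp-login.php", "/wp-admin")


def gate(url, cookies):
    """Model of the gate as the post describes it; returns (action, location, set_cookie)."""
    parts = urlsplit(url)
    if SECRET_WORD in parse_qs(parts.query):
        # Steps 1-2: the secret URL deposits the cookie and redirects to the login page.
        login = f"{parts.scheme}://{parts.netloc}/wp-login.php"
        return ("redirect", login, SECRET_WORD)
    if parts.path.startswith(PROTECTED) and SECRET_WORD not in cookies:
        # No cookie on a protected path: sent to 127.0.0.1.
        return ("redirect", BLOCK_TARGET, None)
    return ("allow", None, None)


class Browser:
    """Minimal cookie jar that follows RFC 6265 domain matching."""

    def __init__(self):
        self.jar = []  # entries are (name, domain, host_only)

    def cookies_for(self, host):
        return {name for name, domain, host_only in self.jar
                if host == domain or (not host_only and host.endswith("." + domain))}

    def get(self, url, cookie_domain=None):
        host = urlsplit(url).hostname
        action, location, set_cookie = gate(url, self.cookies_for(host))
        if set_cookie:
            # Assumption: cookie_domain=None models a cookie set without a
            # Domain attribute, which the browser returns to that exact host only.
            self.jar.append((set_cookie, cookie_domain or host, cookie_domain is None))
        return action, location


def subsite_login_result(main, subsite, cookie_domain=None):
    """Run step 1 on the main site, then step 3 on the subsite (constructed hosts)."""
    browser = Browser()
    browser.get(f"http://{main}/?{SECRET_WORD}=1", cookie_domain)
    return browser.get(f"http://{subsite}/wp-login.php")
```

In this model the subsite login page is reachable only when the browser actually sends the cookie to the subsite's host; otherwise the request ends at 127.0.0.1.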

  7. skaye123
    Member
    Posted 9 months ago #

    @wpsolutions
    Thank you for the reply.

    I did have the cookie in my browser. To be sure, I was able to log in to the main site just fine. As you know, the subsites are listed in the tab, and when selected I was redirected to 127.0.0.1.

    So, I tried again... I checked the "Brute Force Prevention" and saved the config. I tried the main site wp-login "without" the special code and I was blocked successfully. I also checked the sub-site, also blocked successfully.

    Then I entered the URL, special cookie, and voilà, main site wp-login worked just fine. No such luck though with the sub-site - I still get redirected to 127.0.0.1 when trying to access via the admin tab and with direct entry of the URL.

    Also, I noticed that the WP generator 3.6.1 was successfully removed from the main site but not the sub site - arrrgggg!

  8. skaye123
    Member
    Posted 9 months ago #

    @wpsolutions

    I now see on the "multi-site" that WP security has a check box to remove the WP meta info.
