Locked out (:-D)

  • Resolved Scott

    (@gegengenderwahn)


    1 week, 5 days ago

    Hi,

    I enabled all security options, and everything was working fine until… I tried to access the wp-admin page from a different IP address. 😀

    Result: I was redirected to the address 127.0.0.1. (noo?! REALLY?! :-D)

    The IP address from which everything was set up is also saved. How can I manually add another one if I don’t have access to the backend? 😀

    I’ve also installed phpMyAdmin, so I can access the databases without any issues.

    (I could just restore a backup from the day before and basically start over. But that would be too trivial for me.)

    I’ve already followed the instructions in the FAQ (https://teamupdraft.com/documentation/all-in-one-security/troubleshooting/why-am-i-being-redirected-to-127-0-0-1/), but then I just get a 403 error (forbidden).

    And I forgot: I already tried the secret password: https://mysite.com/wordpress/<alt_to_wp-admin>/?mysecretpassword
    Did not help, too 😀

    Regards

    Scott

    • This topic was modified 1 week, 5 days ago by Scott.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    1 week, 5 days ago

    Hi @gegengenderwahn

    You must have both the Cookie-Based Brute Force Prevention and Login Whitelist IP features enabled for the login page.

    If only the wp-admin area is being redirected to 127.0.0.1, this indicates that Cookie-Based Brute Force Prevention is enabled.

    You should try accessing the site using your secret word, for example:

    {site_url}?{secret_word}=1

    This will save a cookie in your browser for 24 hours and allow access to the login page. Once the cookie expires, you will be redirected to 127.0.0.1 again and will need to revisit:

    {site_url}?{secret_word}=1

    to generate a new cookie.

    If Cookie-Based Brute Force Prevention is enabled and you have forgotten the secret word, add the following constant to your wp-config.php file:

    define( 'AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION', true );

    Then try accessing wp-login.php (or your renamed login page, if applicable). This will temporarily disable Cookie-Based Brute Force Prevention.

    If you also have Login Whitelist IP enabled, add the following constant to your wp-config.php file:

    define( 'AIOS_DISABLE_LOGIN_WHITELIST', true );

    This will temporarily disable Login Whitelist IP protection and should allow access to the login page.

    Please let us know if you are still experiencing the issue after trying the above steps.

    Regards

    Thread Starter Scott

    (@gegengenderwahn)

    1 week, 5 days ago

    Hi,

    thank you so much for your help. And Yes! the define ... declarations were the solution.
    Strangely enough, the code word https://www.mydomain.com/wordpress/?<mycodeword>=1didn’t help. At the moment my wordpress-website is still in a subdirectory, because my old active one is still on Joomla 3.x. I am going to change to WordPress, when all is done.

    Kind regards,

    Scott

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    1 week, 4 days ago

    Hi @gegengenderwahn,

    Glad to know the issue seems solved.

    You should disable the Cookie-Based Brute Force Prevention feature and then enable it again. This will display the correct URL that can be used to access the login page via the secret word for this feature.

    https://snipboard.io/ZqNLAk.jpg

    Would you mind writing a quick five-star review on wordpress.org?

    https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post

    Reviews also help others to make confident decisions about our plugin.

    Regards

    Thread Starter Scott

    (@gegengenderwahn)

    1 week, 4 days ago

    Hello,

    thank you so much for this advice!

    Greetings,

    Scott

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.