Locked Out
-
Hi,
I have a few concerns. If the author would be so kind as to attend to them I would be grateful:
- I’ve been locked out of my site (I get a redirect loop) because I set the custom URL to “wp-admin”, assuming that is how it should revert back to default. This, however, did not work as intended. Earlier on I changed it to something else but I got a 404 error instead. Leaving it blank didn’t seem to fix it either.
- IP blocking does not seem to work. I’m using yet another plug-in that notifies me of brute force attacks. Even after blacklisting the said IPs attacks have still continued. Am I misunderstanding the function?
At this point, I think the only option for me is to upload the reset files via FTP–would that be correct? Also, did the loop happen really because of the first issue I outlined, or is it possible that it was because of a conflict with the other plug-in I used?
Thank you!
-
Hi traxt!
First of all, a note: Please don’t use two security plugins with similar functionality at the same time. You just get a conflict between those two and can’t realize the cause.
Let’s move on to your questions:
1. You are right. You don’t have not to set “wp-admin” as custom login URL to revert back behavior of the plugin or WP. And yes, it will lead to a loop. Obviously, you’ve checked: Block direct access to wp-login.php and return HTTP 404 Not Found Error. This is a cause for your 404 Error.
2. IP blocking works well. But you need to understand one thought. Blocking doesn’t mean stopping attacks/attackers. It just protects your site from being vulnerable. There are no tools to stop attackers. They may keep trying to log in, but their attempts will never be successful.
To remove all settings and to deactivate the plugin, please follow this instruction: https://wordpress.org/support/topic/i-cant-login-im-locked-out-of-my-site/
Yeah, that was definitely some bad decision on my side. I was planning to deactivate it but before I could the loop has started since I’ve set “wp-admin” as the URL by then.
- To set the default URL back to wp-admin, I just have to leave it blank, right?
- Ah, I did not check either option. However, I did notice that every plug-in I have used that offers custom URLs always throws me a 404 when I visit the new link. Could it be an installation or core setting issue?
- I apologize if I wasn’t clear, but the attack came from the supposedly blocked IP. Shouldn’t it have been unable to try at all by virtue of being blacklisted, or am I misunderstanding what “block” means in this context?
- Does the plug-in accept *’s? I tried adding xx.xx.xx.*, got an error, but in the end saw the IP range listed anyway. I’ll get the specific error for you once I get my site working again.
Thanks for the fast response!
Sorry to interfere. I agree with the author. You get the conflict between plugins.
If I understand correctly, the Login Security Solution plugin has a higher priority than WP Cerber. Login Security Solution is called first and it doesn’t know about IPs blocked by WP Cerber. That’s why it notifies you of brute force attacks.
Regards,
Talgat
1. Yes, and do not check Block direct access to wp-login.php and return HTTP 404 Not Found Error.
2. Can’t comment on that. That issue may be related to your site settings or web server environment. And never ever use “wp-admin” as custom login url with any plugin you will use.
3. If IP was blocked by the plugin, that means only one thing: this IP is not allowed to do any “login related” activity on the site. But this IP can continue trying to do that anyway.
4. Yes, you can use the symbol * at the end of an IP to block a class C subnet with a wildcard. Only one star symbol * is allowed, at the end of the IP, replacing the last digits. In other words, you are unable to use a wildcard like XXX.XXX.*.*. That will be available in the future.
I hope my answers will help you.
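The trailing-wildcard rule from the reply above, together with the inet_pton() warning reported further down the thread, as an added example that is not part of the thread and is not WP Cerber's code: one way to accept a `a.b.c.*` entry and match clients against it without ever handing the wildcard string to inet_pton(). The function names and the sample addresses are assumptions made for this illustration.

```php
<?php
// Added example; function names are hypothetical, not WP Cerber's.

// Turn one access-list entry into a rule, or null if it is not acceptable.
function acl_parse_entry($entry)
{
    $entry = trim($entry);
    // One trailing wildcard only: three numeric octets followed by ".*".
    if (preg_match('/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.\*$/', $entry, $m)) {
        $octets = array_map('intval', array_slice($m, 1));
        if (max($octets) > 255) {
            return null;
        }
        // Keep the normalized prefix; the "*" is never passed to inet_pton().
        return array('type' => 'net24', 'value' => implode('.', $octets) . '.');
    }
    // Otherwise it must be a literal IPv4 address. filter_var() validates
    // without raising the "Unrecognized address" warning.
    if (filter_var($entry, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return array('type' => 'ip', 'value' => $entry);
    }
    return null; // e.g. "203.0.*.*" is rejected
}

// True when $clientIp falls under $rule.
function acl_matches($rule, $clientIp)
{
    if (filter_var($clientIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;
    }
    if ($rule['type'] === 'net24') {
        // Prefix ends with ".", so "203.0.11." does not match "203.0.113.42".
        return strpos($clientIp, $rule['value']) === 0;
    }
    return inet_pton($clientIp) === inet_pton($rule['value']);
}

// Constructed sample data (documentation address ranges).
$client = '203.0.113.42';
foreach (array('203.0.113.*', '198.51.100.7', '203.0.*.*', '203.0.113.999') as $e) {
    $rule = acl_parse_entry($e);
    $result = $rule === null ? 'rejected' : var_export(acl_matches($rule, $client), true);
    printf("%-14s => %s\n", $e, $result);
}
```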
Thank you, both, especially Gioni! I’ll get back to you if the error does pop-up after restoring my site.
Hi,
I got to test things again.
- Here is the error I mentioned. It happens when adding an IP range:
inet_pton(): Unrecognized address XX.XXX.XX.* in /home/.../wp-content/plugins/wp-cerber/wp-cerber.php on line 523
- Setting a custom login URL gives me this when visiting the actual link:
Error 404 - Not Found The document you are looking for may have been removed or re-named. Please contact the web site owner for further assistance.
I do not have the following checked:
- Request wp-login.php
- Disable wp-login.php
As expected, wp-admin got disabled. However, since the custom link doesn’t work either, I am left with requesting for wp-login.php to be able to log in.
- Lastly, leaving the custom link blank did not restore wp-admin. Right now as stated, I am using wp-login.php to get back in.
Thank you!
Hi!
1. Can you give me a full description of that error? It looks like a PHP Notice message if WP_DEBUG mode is enabled. What version of PHP is installed on your server?
2. What exactly have you entered as the Custom login URL? Did you receive the email notification with the new Custom login URL link? Did you try exactly that link?
3. Sorry, I don’t realize the meaning of this: “did not restore wp-admin”
Don’t you have access to the Dashboard?
- That is the only thing that resembles an error. It will just appear after trying to input an IP range (i.e. in my case, in the format XX.XXX.XX.*). I am running PHP 5.4.45.
- The word was “hello”. Is that a reserved word? Yes, I received that email and tried the link but strangely enough I got a 404.
- It appears that Redirect dashboard requests is what disables the wp-admin link as in site.com/wp-admin. I unchecked that and wp-admin works again.
First of all, please don’t use WP_DEBUG mode, turn it off. It may give unpredictable results.
1. Ignore that warning message. It doesn’t affect functionality. I’ll fix it with new release soon.
2. I think there is some conflict with another plugin or even the theme. It would be great if you could try to use WP Cerber in a clear environment.
I recommend these steps:
1. Activate the default WP theme (e.g. Twenty Sixteen)
2. Disable any plugins related to permalinks, or redirection, or disabling access to folders/files, or performing any other tricks with URLs on your site.
3. Disable any plugins that modify the .htaccess file.
4. Try to access your new Custom login URL.
Finally, on the third point. This is how it works. This option hides wp-admin from non-authorized users. It works as intended.
I’ll test this on a clean local environment. I’ll get back to you with results. Thank you!
Everything works perfectly in my local setup, even after installing the same things there are in the online version. I’ll have to figure out what is wrong with the server.
Thanks again, Gioni!
Glad to hear that! Let me know if you found out what was wrong. Perhaps, there is a reason to add some code to the plugin to avoid that situation in the future.
Well, I did figure out what went wrong. It turns out my site was using a custom permalink structure (which was actually weird). When I reverted to one of the native ones, everything worked perfectly! Here’s the link structure if it will help:
index.php/%year%/%monthnum%/%day%/%postname%/
That’s nice. But I have one question.
Why do you use such a weird permalink structure with index.php in it?
That is a very good question. When the site was turned over to me, I wondered why the URL schema had to include index.php as well. Only until I actually configured a local setup did I realize it wasn’t the default but was just intended to be so… for no appropriate reason. I thought it was for SEO purposes but it doesn’t appear to have any bearing. Your guess is as good as mine!
The topic ‘Locked Out’ is closed to new replies.