WordPress.org

Ready to get started?Download WordPress

Forums

All In One WP Security & Firewall
[resolved] additional rules block wp-login, incorrect logged in user count (2 posts)

  1. BobCross
    Member
    Posted 1 year ago #

    Hello,

    I am running WP Sec and Fire (ver3.2) for 14 days without any problem - but.

    Since yesterday about 10% of the user of my blog get a 403 error while trying to login with their username and password. They get the message "Access denied". Some of them I could see in the Locking Down list, some of them not. I checked them out of the Locking Down list, also gave all a new password, but without success. Then I disabled some of the additional firewall rules and that works. I disabled step by step. Only "disable Trace and Track" is enabled now. Disable Indexviewing was disabled all the time. Proxy comment, Bad Query Strings and String Filter are now turned off. 5G Blacklist is enabled now. Basic Rules are enabled. Thats the status that work for the moment, but I have a bad feeling to reduce safety rules.

    One other problem is the "Logged IN Users" counter - it works incorrect, I have a lot of double and tripple counted users, how can we fix this that?

    I am running WP 3.7.1. As membersystem and database I am using the Plugin S2Member (ver.131126) . It has worked for 14 days without any kind of problem. Users of the blog have to registrate but they don`t have the ability to post comments, they only have the right to read full articles and to download some stuff.

    Thanks for any kind of advice.

    Plugin Version: 3.2
    WP Version: 3.7.1
    WPMU: No
    MySQL Version: 5.1.49
    WP Table Prefix: wp_
    PHP Version: 5.3.3-7+squeeze8
    Session Save Path: /var/lib/php5
    CURL Library Present: Yes
    Debug File Write Permissions: Writable

    http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

  2. wpsolutions
    Member
    Plugin Author

    Posted 1 year ago #

    Depending a site's setup, some firewall rules may affect existing functionality - this is why we have tried to make the rules as flexible as possible so that users have choices available.

    At this point I recommend that you leave the rules which you have identified as causing the 403 error disabled.

    Your site will still have adequate protection with other firewall rules and functionality offered in this plugin.

    One other problem is the "Logged IN Users" counter - it works incorrect, I have a lot of double and tripple counted users, how can we fix this that?

    Do you have other people with account access to your site or are the login entries shown in the table all coming from you when you are using the same username but on different browsers?

    We will investigate this to see if we can reproduce the behaviour you are seeing.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic