Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security » Brute force protection enabled: unable to login

  • Resolved barnez

    (@pidengmor)


    Hi,

    I have a strange case. I have had brute force protection with captcha enabled on the login page for a several months. It has been working perfectly and helped me to overcome sustained attacks. Today I have been working on the site, and after logging out and clearing the cookies, I am now unable to log back in again. I enter the captcha, then my username and password (100% correct and entered through the browser password manager), but after that I am returned to the captcha, and so on. So I cannot access the WP dashboard.

    I have tried clearing the browser cookies, entering the username and password manually, and removing the autoprepend rules from .user.ini and .htaccess, but that has not helped. I am still stuck in the loop.

    I can’t disable all other plugins until tomorrow and revert to the WordPress theme, and I am worried that these will need to be enabled in the dashboard once I rename them back to normal. Until then, this live site will not function as normal (e.g. the different forms).

    What is best way to reset the plugin? I have a configuration file from April (nfwp3.8.4.dat)

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • After finding a related topic I have regained access by deleting bf_conf.php. Nothing is logged in the firewall log. If I re-enable the brute force protection with the captcha as always enabled (https://snipboard.io/7i3tx1.jpg), when I log out I am again stuck in the login loop. If I only enable the captcha protection when under attack, using the default settings, then I can log in fine. Now I know I can regain dashboard access I feel more comfortable about testing for a theme/plugin conflict. I will report back on anything I find.

    • This reply was modified 4 months, 2 weeks ago by barnez. Reason: Add info about successful login when protection only enabled for under attack

    Fixed. Tracked the issue down the the Enfold theme and the new privacy settings, which were making cookies opt-in and thus interfering with the captcha.

    Plugin Author nintechnet

    (@nintechnet)

    Interesting. I have seen a few users who had the same problem lately but they couldn’t solve it. I’ll download this theme and will check if we can display a warning about that.

    That’s a premium theme unfortunately. Here you can see the opt-in option for the cookies: https://snipboard.io/ywdJCX.jpg

    Plugin Author nintechnet

    (@nintechnet)

    I don’t know how they do that, I guess they delete any cookies (including PHP session like the one used by NinjaFirewall), except the WordPress authentication cookie. That’s should break many plugins.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.