All In One WP Security & Firewall
[resolved] Can't get 'cookie based brute force' feature to work (7 posts)

  1. jamminjames
    Posted 2 years ago #

    When I tried setting up the 'cookie based brute force' feature, here's what happened:

    I did the cookie test, and passed. Then, I set up a 'secret word' and checked the box to enable it and saved.

    Now, when I go to the url (http://www.yoursite.com/?yoursecretword=1), it brings up my home page, not a login page. So, I clicked the login link on my page, but that goes to the page.

    Trying the secret word on the wp-login.php page doesn't work either.

    So, how do I get to the login?

    Also, I would need this to work for other contributors to my site. So, if I give them the secret word and tell them to append it to the site url, will it work for them?


  2. wpsolutions
    Plugin Author

    Posted 2 years ago #

    Did you copy and paste the exact special URL which was given to you by this plugin when you enabled that feature?

  3. jamminjames
    Posted 2 years ago #

    Yes, definitely. Made sure of it, tried a couple times, on different computers, flushing the cache, etc.

    I did have Ajax login, but disabled that plugin, and it made no difference.

  4. jamminjames
    Posted 2 years ago #

    Also, when I hit the 'Account Activity Logs' tab in the User Login section, I get a "Forbidden - You don't have permission to access /wp-login.php on this server." The url at that point is http://www.humortimes.com/wp-login.php?redirect_to=http://www.humortimes.com/wp-admin/admin.php?page=aiowpsec_userlogin&aiowps_login_msg_id=session_expired

  5. jamminjames
    Posted 2 years ago #

    I think that last thing has to do with the cache, when I came back later it was ok. I had that happen again somewhere else in the admin for the plugin. I had just logged back in, after being forced to, because I had it set to allow only an hour logged in at a time.

    I would still like help with the original problem, the 'cookie based brute force' feature, however...

  6. mbrsolution
    Plugin Contributor

    Posted 2 years ago #

    Hi @jamminjames in some cases the Cookie Based Brute force might not work well with current server settings. Please try and enable the "rename login page" feature.

    Kind regards

  7. jamminjames
    Posted 2 years ago #

    I have back end access to my server and I checked it out. Indeed, logs show that the secret key I chose for the Cookie based feature was too long, there's a setting limiting that. I'll try it out with a shorter one.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic