Hi Jerry, have a read through this tutorial to check if you carried out the correct setting procedures for this security option.
Kind regards
Thread Starter
Jerry
(@gerard749)
Hi,
Thank you for responding.
In IE, chrome and safari Cookie Based Brute Force Prevention works very nicely. In each browser I tried logging in using the login link and was not taken to the page. Then I set the cookie in each browser with the url secret word and after that in each browser I was able to login using the login link no problem.
My site has subdomains with subdirectories each with it’s own install. CBBFP was enabled in a subdirectory. In Firefox, when I set the cookie in the subdirectory with the url secret word I was able to login to the subdirectory but the cookie was set in the subdomain- could not get down to the subdirectory. This had no effect on the sub domain but I was not able to login to the subdirectory using the login link. I don’t know yet where the cookies landed in IE, chrome or safari – why there was no problem with these browsers logging into the subdirectory with the log in link.
Using CBBFP, it is not my intent to set the cookie in IE, chrome or safari – just in firefox.
Because CBBFP works so nicely I am going to work on this – try different things, and let you know how I make out.
Thank you again for responding,
Jerry
Thread Starter
Jerry
(@gerard749)
Hi again,
That would be each with its own WordPress install
Jerry
Thread Starter
Jerry
(@gerard749)
Hi,
When setting a cookie in a subdomain, if I put a / after the URL secret word that cookie is good for subdirectories with the same secret word enabled.
I have a number of plugins on my site – a few heafty ones, and I have never had a conflict with or a problem resulting from the All In One WP Security and Firewall Plugin.
Thank you for your time.
Jerry
Hi Jerry so you are saying that if you add the / at the end it works in FireFox browser?
Kind regards.
Thread Starter
Jerry
(@gerard749)
Hi,
Yes, In firefox if you have a subdomain that has subdirectories- each with its own WP install, you only have to set one cookie for the subdomain followed by a / and that cookie will be good for the subdirectories if they have the same secret word enabled.
What you can’t do is set a cookie followed by a / for a subdomain that doesn’t have a subdirectory- that may have one in the future. Firefox will let you do it and it will work, but once firefox realizes there is no subdirectory the cookie will stop working- you will not be taken to the login page.
When I open a subdomain, subdirectory or the domain in Firefox (with the cookie set) there is a hesitation going to the login page. I can then log out but as long as I don’t close the browser, I can open as many tabs as I want and logging into a subdomain, subdirectory or the domain is quick- no hesitation. The hesitation mentioned above is no big deal and is not a problem for me. I just thought I would pass that on.
Thank you for your time, and thank you for a plugin that is truly something special.
Jerry
Thread Starter
Jerry
(@gerard749)
Hi,
Today I am not able to log into my domain or any subdomain- not just the subdomain with the /. The wordpress_test_cookie is not making its way into the cookie. I can use the url secret word to reach the login page – set the cookie, and then I can login and logout as many times as I want.
Maybe my hosting company does some kind of reset on its server at some point during the night?
Thank you for your time.
Jerry
Hi Jerry, Looks like that feature is having some difficulty on your server.
You can use the info from the following post to get back into the site:
http://wordpress.org/support/topic/features-that-are-labelled-advanced?replies=3
Once you are in, disable the cookie based feature and enable the “rename login page” feature.
Thread Starter
Jerry
(@gerard749)
Hi,
Yesterday, around 3pm, the CBBFP feature was somehow? disabled- anyone could login. When I logged in I was taken to my admin area. When I went to my landing page it showed I was logged out but without logging in I could go to a different page and it showed I was logged in. I could then go to my admin area- go and do whatever I wanted, but when I went to my landing page it again showed I was logged out. It’s a shame. I really like CBBFP feature – it works well, but it appears there may be a conflict of some kind with my hosting companies server.
In the AIO WP Security plugin I unchecked Enable Brute Force Prevention: which removed AIO_Brute_Force_Prevention from the .htaccess file – restored my .htaccess file. The CBBFP feature is disabled but the secret word can’t be removed. Do I need to remove aio_wp_security_config from the database and then reset the features in the plugin that I want to keep. Would that be necessary.
Thank You for your time.
Jerry
