Support » Plugin: Force Login » Force Login causes 401

  • Resolved MichaelGli

    (@michaelgli)


    When I activate Force Login the working site goes to 401 and even mswa.cloud/wp-admin is a 401.
    I did get a message saying the host firewall had been invoked, I reset this via a Captcha challenge but still get a 401. If I turn Force Login off the site reappears.

    • This topic was modified 2 months ago by  MichaelGli.
    • This topic was modified 2 months ago by  MichaelGli.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • MichaelGli

    (@michaelgli)

    The host for the site advises:

    It looks like the plugin is causing one of our modsec rules to trip

    We can whitelist that rule for you but it is one that stops bots from brute forcing logins

    Would you like that whitelisted?

    So that’s a bit of a dilema.

    Plugin Author Kevin Vess

    (@kevinvess)

    Hi– thanks for using Force Login!

    It sounds like this is an issue with your web host and you’re already working with them to resolve it. Great!

    If your web host could elaborate on what specifically the plugin is doing to trigger their modsec rules to trip, maybe I could be of more help. Although, I’m fairly certain the only way to fix this will be to work with your web host.

    Force Login is using the builtin wp_safe_redirect() function to handle redirecting visitors to the login screen.

    If you’re concerned about brute force attacks, there are other security plugins that could help with that; like Jetpack’s Protect module or iThemes Security.

    Good luck!

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.