Support » Fixing WordPress » Im getting – force_get_before_post=1

  • Resolved richard

    (@rich_smc)


    Hello,

    Im totally confused – i have several websites going in wordpress. Ive made no changes, but suddenly i cant log on 2 of them. All i get is:

    /wp-login.php?force_get_before_post=1

    The 2 sites using cloudflare; but i have 2 others that are ok.

    Ive searched for “force_get_before_post=1” in google, but theres only one page!

    Its just totally weird. Can anyone else help or come across this before? Thank you

Viewing 7 replies - 1 through 7 (of 7 total)
  • Hi there,

    I googled this parameter and came up with this post: https://blog.tigertech.net/posts/wordpress-rate-limiting-again/ – I’m not sure if you’re hosted with Tiger Technologies (or possibly someone reselling their hosting), but it looks like that parameter is designed to prevent brute force attempts at logging into your site.

    From that page:

    The extra “force_get_before_post=1” query string has two purposes: it lets you track it in your logs, and any subsequent POST from that page should also have it at the end of the Referer, preventing the “SecRule REQUEST_HEADERS:Referer” line from triggering again and again if the person is a legitimate user behind a proxy that changes IP addresses with each request.

    If you simply remove that from the URL, are you able to login like normal?

    If not, then I would recommend contacting Cloudflare support, or your hosting provider’s support as that is something that will be triggered on the server side rather than anything from WordPress.

    Cheers,
    Hugh

    Hi Hugh,

    Yes i did come across that pages; “If you simply remove that from the URL, are you able to login like normal?” – i have no idea where that should be to remove, whether thats part of the WordPress or apache – no idea? I did try copying

    wp-login.php

    SecRule REQUEST_LINE “^post .*/wp-login\.php” “chain”
    SecRule REQUEST_HEADERS:Referer “/wp-login\.php$” “chain”
    SecRule &IP:WP-LOGIN-GET “@eq 0” “setvar:tx.wp-login-post-without-get=1”
    SecRule TX:WP-LOGIN-POST-WITHOUT-GET “@eq 1” “redirect:%{REQUEST_HEADERS.referer}?force_get_before_post=1,status:303,sanitiseArg:pwd”

    But just came up blank…….

    In that case, I would recommend contacting your host as well as Cloudflare’s support as this looks like an issue on their side rather than anything to do with WordPress.

    Firstly Clear your browser cookies and cache. Also, make sure that your browser has cookies enabled. After doing that restart your browser and then try to login.

    Second, Try https://codex.wordpress.org/FAQ_Troubleshooting#How_to_deactivate_all_plugins_when_not_able_to_access_the_administrative_menus.3F manually resetting your plugins (no Dashboard access required). If that resolves the issue, reactivate each one individually until you find the cause.

    If that does not resolve the issue, access your server via SFTP or FTP, or a file manager in your hosting account’s control panel, navigate to /wp-content/themes/ and rename the directory of your currently active theme. This will force the default theme to activate and hopefully rule-out a theme-specific issue (theme functions can interfere like plugins).

    Hi Rachna,

    “Firstly Clear your browser cookies and cache. Also, make sure that your browser has cookies enabled. After doing that restart your browser and then try to login.” – ive tried that on 4 different browsers, all came with the same issue.

    The second tho, is a risk for me – because right now, the site is “fine”. It works. As soon as i de-activate all the plugins, that site will go down – and if i cant log on after this, i would be totally screwed? Im sure the theme is not the issue – its Avada and have several other sites with no problem?

    Thank you for the suggestion……….

    Solved it – I would give this out to others, spent all day sorting this one out…..

    Im using Cloudflare and w3 total cache, i followed this settings: https://www.mprstudio.com/speed-up-wordpress-w3-total-cache-cloudflare/#cloudflare

    Which works great, BUT – i had to go into the Cloudflare website account, “Page Rules”, and turn them off; and then go into the “Caching”; i then had to “Purge Cache” for everything.

    Suddenly i could then log on. I even turned all the “Page Rules” back on as well, and the 2 sites now work.

    Very odd, but if someone else comes across Cloudflare with the Page Rules, be ready to Purge…………

    Glad to know that 🙂
    As your issue is solved please, mark this topic as resolved.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Im getting – force_get_before_post=1’ is closed to new replies.