Support » Plugin: All In One WP Security & Firewall » Infinite login loop

Viewing 10 replies - 1 through 10 (of 10 total)
  • Hi,

    Could you enable your JS console when your are attempting to login from one of the affected sites, to do this (chrome):
    Press CTRL+SHIFT+J (CMD+OPT+J on a Mac) or F12
    A Developer Tools sub-window should appear, as in the screenshot below
    In the Developer Tools window, click the ‘Console’ tab

    Can you let me know what errors you see and if possible provide a screenshot?

    Thread Starter euchia

    (@euchia)

    Hi,
    first of all thanks for answering.
    I already checked it, but nothing is reported in the console.
    Anyway, I’m attaching you the screenshot: https://postimg.cc/LYg3vmQd

    PS: just one screenshot, because before and after the form submission the screen/console are exactly the same

    That console isn’t giving much away!
    Would you be able to provide the URL of one of the sites?

    Thread Starter euchia

    (@euchia)

    You can try with https://www.casavela.it/accesso (your plugin is on, WPS Hide Login is off).

    I also checked the server/php log file, there is nothing there too

    I am having this same problem. Was there ever any solution?

    Theres a couple of things your could try, the first is very basic so it’s worth checking, the second is a bit more involved.

    In the WordPress admin area, can you go Settings » General page and check the site URL’s
    If these URLs are incorrect, then WordPress will redirect you back to the login page.

    You could also try regenerating your .htacess file
    Sometimes the .htaccess file can get corrupted.
    Simply access your website through an FTP client or via the File Manager app in your hosting account dashboard.
    Once connected, locate the .htaccess file in the root folder of your website and download it to your computer as backup.`
    After that, go ahead and delete the .htaccess file from your website.
    Next, open the wp-admin directory and if there is a .htaccess file there, then go ahead and delete it as well.
    Login to your site go Settings » Permalinks page in WordPress admin area and click on the Save button without making any changes. This will generate a new .htaccess file for your website.`
    Finally, activate the login redirect functionality and see if you get the same issues.

    Thread Starter euchia

    (@euchia)

    Hi, thanks for the hint!
    I found the problem, is about an instruction in the htaccess

    #### Force HTTPS://WWW and remove trailing / from files ####
    ## Turn on rewrite engine
    RewriteEngine on
    # Remove trailing slash from non-filepath urls
    RewriteCond %{REQUEST_URI} /(.+)/$
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/wp-json
    RewriteCond %{REQUEST_URI} !^/wp-json/
    RewriteRule ^ https://www.casavela.it/%1 [R=301,L]

    If I remove it, login works.
    Now I added a row before the RewriteRule,
    RewriteCond %{REQUEST_URI} !^/accesso/
    and it works: despite the word I inserted in the setting page “brute force -> rename login” is “/accesso”, login form’s action is “/accesso/”, with trailing slash.

    Thanks again

    Thread Starter euchia

    (@euchia)

    Is there a way to hide/anonymize site/login’s url in this topic? Otherwire I’ve to change it and communicate it to site’s owner…

    vupdraft

    (@vupdraft)

    You can edit your posts, you can then change any sensitive info to something like /mysiteurl/, mysite etc

    Thread Starter euchia

    (@euchia)

    Do you believe me if I tell you that I can’t find the edit button?

Viewing 10 replies - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.