Kicked out of Session/ access restricted

Viewing 8 replies - 1 through 8 (of 8 total)
  • DuckSportsFan

    (@ducksportsfan)

    1 year, 1 month ago

    For starters, to get back to your dashboard, quickly, drag the ninja firewall plugin folder to the wp-content folder, which will deactivate the plugin until you can find out how to clear your IP from the “ban”.

    Thread Starter Katie

    (@katiethecreative)

    1 year, 1 month ago

    Um, thank you for the answer, but after being able to log in through my regular wp-login again, I checked the firewall log, and it appears while I was logged in, someone attempted a brute force attack, and that triggered the “Access restricted page.” While I’m glad that worked, I don’t understand why it kicked me out of my active session.

    Considering the fact that ninja firewall protected me from a brute force attack, I would definitely not consider deactivating the plugin.

    The only thing I would like to know at this point is why I was kicked out of an active session and why the “Access restricted page” didn’t accept my (I double-checked) correct credentials.

    Plugin Author nintechnet

    (@nintechnet)

    1 year, 1 month ago

    The brute force protection simply shows its login page when an attack is detected so that you can log in anyway. It doesn’t ban IP addresses. The fact you were blocked is very odd.
    Do you have another security application installed on the site (WordPress plugin) or at the server level ?

    Thread Starter Katie

    (@katiethecreative)

    1 year, 1 month ago

    No, I have not. In fact, when I tried to log in just now, I entered my credentials into my normal WP-login page and immediately got re-routed to the Access restricted page login page. Thankfully, this time my credentials there were accepted and I got rerouted back to my regular WP-login page and was able to log in as usual to my dashboard.
    I have recently made some adjustments to the advanced policy setting page. Could the cause for this strange behavior lie there?

    Thank you for your help!

    Plugin Author nintechnet

    (@nintechnet)

    1 year, 1 month ago

    It could. Do you remember what advanced policies you changed?

    Thread Starter Katie

    (@katiethecreative)

    1 year, 1 month ago

    Set X-Content-Type-Options to protect against MIME type confusion attacks -> yes

    Set X-Frame-Options to protect against clickjacking attempts -> SAMEORIGIN

    Set Strict-Transport-Security (HSTS) to enforce secure connections to the server -> 2 years (apply to subdomains)

    Set Content-Security-Policy for the website frontend -> yes: frame-ancestors ‘self’

    Set Referrer-Policy (Chrome, Opera and Firefox browsers) -> yes: strict-origin-when-cross-origin

    Block attempts to override PHP Superglobals -> yes

    Hide PHP notice and error messages -> yes

    Sanitise PHP_SELF -> yes

    Plugin Author nintechnet

    (@nintechnet)

    1 year, 1 month ago

    I can log in without problem using that configuration.
    Next time you’re about to log in, open your browser’s console ( CTRL + Shift + j ), log in and check if there’s any error in the console that could be related to one of those HTTP response headers.

    Thread Starter Katie

    (@katiethecreative)

    1 year ago

    Will do.
    For now, everything seems to work just fine again. At least I can rule out a problem from your side. Thank you for that!

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Kicked out of Session/ access restricted’ is closed to new replies.