Title: Possible bug Last modified: May 21, 2023 --- # Possible bug * Resolved [dgrl](https://wordpress.org/support/users/dgrl/) * (@dgrl) * [3 years, 1 month ago](https://wordpress.org/support/topic/possible-bug-43/) * Hi Where can I submit a possible bug?Dont know for sure if it is a bug or not, * If we “Enable brute force attack prevention:” then The system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page.Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked.Which is very nice until the moment comes when you need to clean your browser from history / cookies. From that moment the admin does not has access anymore. I.E. your locked out. * Anyone know how to fix this and/or prevent the browser from deleting this special cookie? * Regards - This topic was modified 3 years, 1 month ago by [dgrl](https://wordpress.org/support/users/dgrl/). Viewing 15 replies - 1 through 15 (of 19 total) 1 [2](https://wordpress.org/support/topic/possible-bug-43/page/2/?output_format=md) [→](https://wordpress.org/support/topic/possible-bug-43/page/2/?output_format=md) * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16756309) * Hi [@dgrl](https://wordpress.org/support/users/dgrl/) * Once you have enabled cookie based brute force you should try access with secret word so {site_url}?{secret_word}=1 It will set cookie again which is valid for next 24 hrs and will allow access to login page other wise will redirect to 127.0.0.1 * If you have enabled and forgot the {secret_word} define AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION true in wp-config.php and try access with wp-login.php ( or renamed login page) it will disable the cookie based brute force * ```wp-block-code define('AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION', true); ``` * Thread Starter [dgrl](https://wordpress.org/support/users/dgrl/) * (@dgrl) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16756313) * Hi, * Thanks for the answer. * Where can I post a video? Coz it is not working. Simple. * I know my secret word. I copied the URL from the admin area and use it to login yet it says access denied. * Regards * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16756358) * Hi [@dgrl](https://wordpress.org/support/users/dgrl/), * It might be login white listed IP not being used to login that is why it is showing access denied 403 forbidden. * please define AIOS_DISABLE_LOGIN_WHITELIST in wp-config.php and try access with. * ```wp-block-code define( 'AIOS_DISABLE_LOGIN_WHITELIST', true ); ``` * After login make sure you have static IP address and in IPv4 and Ipv6 both can be detected as IP so both have to be static and white listed. * Regards * Thread Starter [dgrl](https://wordpress.org/support/users/dgrl/) * (@dgrl) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16756398) * I know my own IP. I make the whitelisting my own. Copy my own IP into the plugin. Log out clean browser use the URL that has my secret word in it yet it says access denied. all within the same 2 minutes. * I dont have static IPv6 but I do have static IPv4 - This reply was modified 3 years ago by [dgrl](https://wordpress.org/support/users/dgrl/). * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16756450) * Hi [@dgrl](https://wordpress.org/support/users/dgrl/) * It could be the IPv6 got detected as your IP address not IPv4, use AIOS_DISABLE_LOGIN_WHITELIST constant to disable it. * Also Please cross check you have correct IP detection settings set WP Security > Settings > Advanced settings tab. as per [https://whatismyipaddress.com/](https://whatismyipaddress.com/) * Regards * Thread Starter [dgrl](https://wordpress.org/support/users/dgrl/) * (@dgrl) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16756547) * Ok Ill try to figure that out, * Thanks so far for all the help! * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16761768) * Hi [@dgrl](https://wordpress.org/support/users/dgrl/) * Ok, keep me updated. * Regards * Thread Starter [dgrl](https://wordpress.org/support/users/dgrl/) * (@dgrl) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16761851) * Hi [@hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) On the brute force page I can enable “rename login page” and “Cookie based brute force prevention” but I do need to disable the “Login whitelist” Dont know why but it works fine after disabling the login whitelist function * Regards - This reply was modified 3 years ago by [dgrl](https://wordpress.org/support/users/dgrl/). * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16761963) * Ok, * Please cross check you have correct IP detection settings set WP Security > Settings > Advanced settings tab. as per [https://whatismyipaddress.com/](https://whatismyipaddress.com/) *  It might be reason the IPv6 got detected instead static IPv4, It depend on your networking and if hosting have IPv6 enabled. * Regards * Thread Starter [dgrl](https://wordpress.org/support/users/dgrl/) * (@dgrl) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16762539) * I can not choose IPv4 for some reason. ANd I use cloudfare and have dynamic IPv6 * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16764595) * Hi [@dgrl](https://wordpress.org/support/users/dgrl/) * Ok, please try login whitelist your IPv6 range, If it works that your internet connection do change only ipv6 last 2 section or might be you need to use /48 * 2001:db8:1263:af15:2[:](https://wordpress.org/support/topic/possible-bug-43/2?output_format=md):/ 100 * [https://www.crucial.com.au/blog/2011/04/15/ipv6-subnet-cheat-sheet-and-ipv6-cheat-sheet-reference/](https://www.crucial.com.au/blog/2011/04/15/ipv6-subnet-cheat-sheet-and-ipv6-cheat-sheet-reference/) * Thread Starter [dgrl](https://wordpress.org/support/users/dgrl/) * (@dgrl) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16766108) * Hi [@hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) For what I noticed it looks like the last 4 sections on my IPv6 changes. I would like to really whitelist only 1 specific IP to enter the login page. Not a range since that will still leave a door openHow can I configure this plugin in such a way that it will detect IPv4 instead of IPv6? (For the brute force “login whitelisting” tab? * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16770261) * Hi [@dgrl](https://wordpress.org/support/users/dgrl/) * AIOS Plugin depends on $_SERVER variable provided by hosting and it depends from your internet which ip address IPv4 and IPv6 to user for browser request. If you have static IPv4 and IPv6 then only you enter it in white listed IP or with in IP range it will match it will be allowed to see the login page. * Regards * Thread Starter [dgrl](https://wordpress.org/support/users/dgrl/) * (@dgrl) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16770278) * [@hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) The problem is that I have a static IPv4 and a dynamic IPv6For the IPv6 I noticed the first 4 parts are always the same and the second 4 are always changing.I dont want to whitelist a range of IPv6 numbers since this leaves a door open for other people in that range to gain access * Regards - This reply was modified 3 years ago by [dgrl](https://wordpress.org/support/users/dgrl/). * Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/) * (@hjogiupdraftplus) * [3 years ago](https://wordpress.org/support/topic/possible-bug-43/#post-16771438) * Hi [@dgrl](https://wordpress.org/support/users/dgrl/) * Ok, I have created internal ticket for this. * Regards Viewing 15 replies - 1 through 15 (of 19 total) 1 [2](https://wordpress.org/support/topic/possible-bug-43/page/2/?output_format=md) [→](https://wordpress.org/support/topic/possible-bug-43/page/2/?output_format=md) The topic ‘Possible bug’ is closed to new replies. * ![](https://ps.w.org/all-in-one-wp-security-and-firewall/assets/icon-256x256. png?rev=2798307) * [All-In-One Security (AIOS) – Security and Firewall](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/) * [Active Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/) * 19 replies * 2 participants * Last reply from: [dgrl](https://wordpress.org/support/users/dgrl/) * Last activity: [3 years ago](https://wordpress.org/support/topic/possible-bug-43/page/2/#post-16816131) * Status: resolved