Support » Plugin: Wordfence Security - Firewall & Malware Scan » Signing in error…

  • Resolved Syxguns

    (@syxguns)


    I have installed Wordfence on 3 of my 5 websites, and on two of he three I get an error when logging in. A little information for you first.

    On my site that works the redirect takes you to the login page. Please note that the login page is a custom page I created. I use the same plugins on all of my sites. If one is failing me I search for something new to replace it. I do not want to replace Wordfence because it is awesome. I however can not have conflict for my members on my sites.

    Like I said I use the same plugins on every site and only one of them seems to work.
    Peter’s Redirect Login/Logout
    Profile Builder
    BAW Login/Logout Menu
    I also have Sucuri running on all sites.

    I have set all plugins to the same parameters, but on two of my sites I get the following when I log in:
    Fatal error: Uncaught exception 'phpmailerException' with message 'Invalid address: {site_url}' in /home/XXXX/public_html/idwph.com/wp-includes/class-phpmailer.php:946 Stack trace: #0 /home/XXXX/public_html/idwph.com/wp-includes/pluggable.php(352): PHPMailer->setFrom('{site_url}', 'IDWPH.COM', false) #1 /home/XXXX/public_html/idwph.com/wp-content/plugins/wordfence/lib/wordfenceClass.php(5497): wp_mail('XXX@XXX...', '[Wordfence Aler...', 'This email was ...') #2 /home/XXXX/public_html/idwph.com/wp-content/plugins/wordfence/lib/wordfenceClass.php(1278): wordfence::alert('Admin Login', 'A user with use...', 'xx.xx.xx.xxxx') #3 [internal function]: wordfence::loginAction('XXXX') #4 /home/XXXX/public_html/idwph.com/wp-includes/plugin.php(524): call_user_func_array('wordfence::logi...', Array) #5 /home/XXXX/public_html/idwph.com/wp-includes/user.php(104): do_action('wp_login', 'XXXX', Object(WP_User)) #6 /home/XXXX/public_html/idwph.com/wp-content/plugins/maintenance/load/f in /home/syxgunsp4m/public_html/idwph.com/wp-includes/class-phpmailer.php on line 946

    I have looked at ever single file the error points to but can not find a flaw. I have copied the exact same setting from the first domain to the others and still the error takes place.

    Note: The error only happens on the first login, I see a redirect in the address bar to another link other than /login. The second login is fine. The site that works shows me a Sucuri login link and then takes me to the correct link, the others show me /admin.php!

    If I select the back button on my browser the correct link shows and I am logged in. It’s very strange indeed and if you would like permission to poke through one of my sites let me know.

    I have disabled Sucuri and it did not stop the problem. If I disable Wordfence, then everything is fine and dandy, but I need the security protection.

    Thank you for any assistance you can provide.

    Syxguns

Viewing 8 replies - 1 through 8 (of 8 total)
  • Hi Syxguns,
    I agree this is very strange issue and I’m afraid to tell I’m not authorized to access your website directly, but here you are a couple of suggestions:
    – Compare “.htaccess” file of the working website with the similar one of the other two websites.
    – Try to disable your other plugins except (Wordfence and Peter’s Login Redirect) and re-check this issue.

    Thanks.

    Thank you wfalaa, but looking at the two different .htaccess and there was a lot of difference. I tried replicating the first two lines of code (different addresses of course) but then I could not log into my site. Here are the two codes.

    htaccess site that works:

    RewriteCond %{HTTP_HOST} ^integraldezign.com
    RewriteRule ^(.*)$ http://www.integraldezign.com/$1 [R=301,L]
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
    
    <IfModule deflate_module>
    <IfModule filter_module>
    AddOutputFilterByType DEFLATE text/plain text/html
    AddOutputFilterByType DEFLATE text/xml application/xml application/xhtml+xml application/xml-dtd
    AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml image/svg+xml
    AddOutputFilterByType DEFLATE text/css text/javascript application/javascript application/x-javascript
    AddOutputFilterByType DEFLATE font/otf font/opentype application/font-otf application/x-font-otf
    AddOutputFilterByType DEFLATE font/ttf font/truetype application/font-ttf application/x-font-ttf
    </IfModule>
    </IfModule>
    
    #BEGIN GZIP COMPRESSION BY THEMIFY BUILDER
    <IfModule mod_deflate.c>
    #add content typing
    AddType application/x-gzip .gz .tgz
    AddEncoding x-gzip .gz .tgz
    
    # Insert filters
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/x-httpd-php
    AddOutputFilterByType DEFLATE application/x-httpd-fastphp
    AddOutputFilterByType DEFLATE image/svg+xml
    
    # Drop problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
    
    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary
    </IfModule>
    # END GZIP COMPRESSION
    ## EXPIRES CACHING ##
    <IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 1 week"
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/html "access plus 1 minute"
    ExpiresByType text/plain "access plus 1 month"
    ExpiresByType text/x-component "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType text/x-javascript "access plus 1 month"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 months"
    ExpiresByType application/x-javascript "access plus 1 months"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType application/xml "access plus 0 seconds"
    ExpiresByType application/json "access plus 0 seconds"
    ExpiresByType application/ld+json "access plus 0 seconds"
    ExpiresByType application/xml "access plus 0 seconds"
    ExpiresByType text/xml "access plus 0 seconds"
    ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
    ExpiresByType text/cache-manifest "access plus 0 seconds"
    ExpiresByType audio/ogg "access plus 1 month"
    ExpiresByType video/mp4 "access plus 1 month"
    ExpiresByType video/ogg "access plus 1 month"
    ExpiresByType video/webm "access plus 1 month"
    ExpiresByType application/atom+xml "access plus 1 hour"
    ExpiresByType application/rss+xml "access plus 1 hour"
    ExpiresByType application/font-woff "access plus 1 month"
    ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
    ExpiresByType application/x-font-ttf "access plus 1 month"
    ExpiresByType font/opentype "access plus 1 month"
    </IfModule>
    #Alternative caching using Apache<code>s &quot;mod_headers&quot;, if it</code>s installed.
    #Caching of common files - ENABLED
    <IfModule mod_headers.c>
    <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|ico|txt|html|htm)$">
    Header set Cache-Control "max-age=2592000, public"
    </FilesMatch>
    </IfModule>
    
    <IfModule mod_headers.c>
    <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary Accept-Encoding
    </FilesMatch>
    </IfModule>
    
    <IfModule mod_gzip.c>
    mod_gzip_on Yes
    mod_gzip_dechunk Yes
    mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
    mod_gzip_item_include handler ^cgi-script$
    mod_gzip_item_include mime ^text/.*
    mod_gzip_item_include mime ^application/x-javascript.*
    mod_gzip_item_exclude mime ^image/.*
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
    </IfModule>
    
    # Set Keep Alive Header
    <IfModule mod_headers.c>
    Header set Connection keep-alive
    </IfModule>
    
    # If your server don

    t support ETags deactivate with “None” (and remove header)
    <IfModule mod_expires.c>
    <IfModule mod_headers.c>
    Header unset ETag
    </IfModule>
    FileETag None
    </IfModule>
    ## EXPIRES CACHING ##
    #END GZIP COMPRESSION BY THEMIFY BUILDER

    # Wordfence WAF
    <Files “.user.ini”>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>

    # END Wordfence WAF

    
    
    Site that doesn't work:
    

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    # Wordfence WAF
    <Files “.user.ini”>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>

    # END Wordfence WAF

    Please let me know if you have a solution. Personally I think it might be the fact that I’m using Themify as my theme, since others are not experiencing the same issue.

    Note: I have also noticed that if I create a new user I am given the same error.

    If you would like access to my site let me know. The new site is under development. so creating access to work on something is no problem.

    Many Thanks,
    Syxguns

    • This reply was modified 2 years, 11 months ago by  Syxguns.
    • This reply was modified 2 years, 11 months ago by  Syxguns.

    Sorry, can’t edit again. Hopefully you can make out the gibberish. lol

    First of all, it’s recommended to use “Pastebin” when it comes to sharing long text.

    I suggest taking a backup of your current .htaccess file and give it a try with only the default WordPress code blocks, it’s easily identified with “# BEGIN WordPress” and “# END WordPress” comments, also do the same with Wordfence blocks (wrapped by “# Wordfence WAF” and “# END Wordfence WAF”).

    As you suspect it could be a theme related issue, then it’s worth to try using the default WordPress theme “Twenty Sixteen” and re-check this issue.

    P.S. what about disabling all other plugins except “Wordfence” and “Peter’s Login Redirect”?

    Thanks.

    Thank you wfalaa for the mention of patebin, I’ve never used that before.

    Well I did as you suggested and used a basic .htaccess, with only WAF enabled. Disabled all plugins and it still gave me the same error message. I used Twenty Sixteen theme to test again, and I still got the error.

    Gonna Clean my history real quick and double check 1 more time.

    Yep, even after clearing history I’m still getting the same error. I’ll try to investigate a little more, but at this point I’m at a loss.

    • This reply was modified 2 years, 11 months ago by  Syxguns.

    Okay, this topic is solved. I removed Wordfence and placed on another security program to still have the same problem. It does not reside within your code or my theme. I am going to try and find the issue.

    Thanks for the update, it will be nice if you can share with us the reason behind this one when you manage to get it sorted out.

    Good luck.

    I got it figured out. It seems that I had an outdated version of white label branding on my site. I keep certain plugins that I use a lot saved on my computer to save time on new sites. The plugin was not activated, but for some reason the code behind the plugin was causing Wordfence problems.

    I should have remembered that even though a plugin is not activated, the code still resides within your WordPress directory.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Signing in error…’ is closed to new replies.