Wordfence randomly breaking login

  • Resolved pembo13

    (@pembo13)


    4 years, 11 months ago

    WordPress: Version 4.9.9
    Wordfence Security: Version 7.2.5
    Wordfence Assistant: Version 1.0.6

    Seemingly randomly, admin login fails to work. Login attempts redirect to home page. “Live Traffic” doesn’t seem seem to show these login attempts.

    Disabled both “WP Rocket” and “Redirection” , but neither solved login problem.

    Disabling Wordfence solves login. IP addresses are already whitelisted. And logins are done using browser saved credentials.

    Only other oddity is a .htaccess rewrite rule to hide login page:
    RewriteRule ^secure_2019/?$ /wp-login.php [QSA,L]

Viewing 5 replies - 1 through 5 (of 5 total)
  • WFGerroald

    (@wfgerald)

    4 years, 11 months ago

    Hey @pembo13,

    Are you able to reliably reproduce this? If so, can you please switch to a WordPress default theme and let me know if it helps?

    Can you also share the full contents of your .htaccess file?

    Thanks,

    Gerroald

    Thread Starter pembo13

    (@pembo13)

    4 years, 11 months ago

    Unfortunately, this is in a production website that I inherited. I”ll re-enable the plugin and see if I replicate reliably … but it has so far been random.

    I luckily had am active session this last time it happened — so I was able to disable plugins until I was able to login — that’s how I narrowed it down to WordFence: when I disabled it, login started working again, and then when I re-enabled, login failed. Unfortunately i didn’t have time to do a deep dive into debugging the issue.

    WFGerroald

    (@wfgerald)

    4 years, 11 months ago

    Hey @pembo13,

    Are you able to access /wp-login.php with this code in the htaccess? If so, there might be a conflict with your server configuration. You might try removing the code to see if it helps.

    RewriteRule ^secure_2019/?$ /wp-login.php [QSA,L]

    Thanks,

    Gerroald

    Thread Starter pembo13

    (@pembo13)

    4 years, 11 months ago

    Sorry, I’m starting to suspect another plugin, as WordFence has been disabled, and the problem resurfaced.

    Currently suspect: http://wordpress.org/plugins/hc-custom-wp-admin-url/

    Thread Starter pembo13

    (@pembo13)

    4 years, 11 months ago

    Closing for now

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Wordfence randomly breaking login’ is closed to new replies.