Support » Plugin: Wordfence Security - Firewall & Malware Scan » Wordfence randomly breaking login

  • Resolved pembo13

    (@pembo13)


    WordPress: Version 4.9.9
    Wordfence Security: Version 7.2.5
    Wordfence Assistant: Version 1.0.6

    Seemingly randomly, admin login fails to work. Login attempts redirect to home page. “Live Traffic” doesn’t seem seem to show these login attempts.

    Disabled both “WP Rocket” and “Redirection” , but neither solved login problem.

    Disabling Wordfence solves login. IP addresses are already whitelisted. And logins are done using browser saved credentials.

    Only other oddity is a .htaccess rewrite rule to hide login page:
    RewriteRule ^secure_2019/?$ /wp-login.php [QSA,L]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support WFGerroald

    (@wfgerald)

    Hey @pembo13,

    Are you able to reliably reproduce this? If so, can you please switch to a WordPress default theme and let me know if it helps?

    Can you also share the full contents of your .htaccess file?

    Thanks,

    Gerroald

    Unfortunately, this is in a production website that I inherited. I”ll re-enable the plugin and see if I replicate reliably … but it has so far been random.

    I luckily had am active session this last time it happened — so I was able to disable plugins until I was able to login — that’s how I narrowed it down to WordFence: when I disabled it, login started working again, and then when I re-enabled, login failed. Unfortunately i didn’t have time to do a deep dive into debugging the issue.

    Plugin Support WFGerroald

    (@wfgerald)

    Hey @pembo13,

    Are you able to access /wp-login.php with this code in the htaccess? If so, there might be a conflict with your server configuration. You might try removing the code to see if it helps.

    RewriteRule ^secure_2019/?$ /wp-login.php [QSA,L]

    Thanks,

    Gerroald

    pembo13

    (@pembo13)

    Sorry, I’m starting to suspect another plugin, as WordFence has been disabled, and the problem resurfaced.

    Currently suspect: http://wordpress.org/plugins/hc-custom-wp-admin-url/

    pembo13

    (@pembo13)

    Closing for now

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.