nestorix
Forum Replies Created
-
That was one of the first things I checked, actually, quoting my initial post:
The form will POST to wp-login.php?action=postpass, setting the referrer field to the protected page. I can confirm this is all set properly using the developer tools.
When WP Cerber is active, the login page does not redirect as it should. I’m stuck at the login page with the location showing wp-login.php?action=postpass.
So, the parameter is present in the URL but gets filtered out somewhere.
Yes, I’m using incognito mode to prevent it from picking up my session. I didn’t notice any difference between Chrome and Firefox.
With the custom URL configured, the response is “POST HTTP 200 OK”.
After removing the custom URL, the response is indeed “POST HTTP 302 Found”.
There is one other difference: response details shows “Get fields: / action | postpass” in case it works. When the custom URL is active, the “Get fields” section is not present.
Yes, that’s exactly what I did. I can reproduce it on a freshly deployed WP 4.9.4 with the stock theme and no plugins beside WP Cerber: http://marimba.me/dicht/
Password = “open”. For me, it lands on http://marimba.me/at6yie9x/?action=postpass where http://marimba.me/at6yie9x is the custom URL configured in WP Cerber.It works as expected as soon as I remove that custom URL.
Anything else I can try?
Hi Gioni, thanks for your reponse. Indeed, I am using a custom login URL. I’m seeing lots of probes to the standard login URL and being able to configure a custom URL is a great feature. That said, removing the custom login URL /does/ fix the issue with the password protected page.
To clarify, suppose my custom URL is ‘/abc’, then the protected page form will POST to ‘/abc/?action=postpass’. However, instead of redirecting to the protected page, this URL just shows the WP login dialog.