Problem with cookie-based brute force protection

Resolved boybawang
(@boybawang)

1 month ago

Hello –

I have cookie-based brute force protection enabled. For some reason, setting the secret code ({site_url}?{secret_word}=1) doesn’t work. I then have to place the following in wp-config.php to be able to log in:

define(‘AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION’, true);

What is the name of the cookie that should be placed in my browser? I’d like to see if it’s being placed there. I’m using Google Chrome.

I have the option enabled for My site has a theme or plugins which use AJAX:, but I would hope this isn’t the issue.

Thanks

Viewing 7 replies - 1 through 7 (of 7 total)

Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

1 month ago

Hi @boybawang,

The secret word needs to be used here. Please let me know if you still can’t log in after using it.

Could you also check that cookies are enabled in your browser?

https://snipboard.io/r4mGsA.jpg

Regards
Thread Starter boybawang
(@boybawang)

1 month ago
@hjogiupdraftplus – Yes, I have cookies enabled in my browser and verified that I’m using the secret password in that field. I still have problems logging in when I set that cookie. What is the name of the cookie? I’d like to search my browser and see if it’s set.

EDIT: When I viewed Chrome Dev Tools (Network tab), it showed that the URL for the cookie is being blocked (403 Forbidden). When I deactivate the AIOS plugin, that same URL is not blocked. It shows a 200 header response.

EDIT2: If I disable the option for Enable IP whitelisting within the Login whitelist tab, it works fine. Is this a known issue?
- This reply was modified 1 month ago by boybawang.
- This reply was modified 1 month ago by boybawang.
Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

1 month ago
Hi @boybawang,

If you have the Brute Force → Login Allowlist feature enabled, accessing the site using {site_url}?{secret_word}=1 may show a 403 Forbidden error if you’re connecting from an IP address that isn’t on the allowlist.

Please check your IP address using https://whatismyipaddress.com/ if you are accessing it through a browser. You may use the constant below to disable it.
```
define( 'AIOS_DISABLE_LOGIN_WHITELIST', true );
```
Regards
Thread Starter boybawang
(@boybawang)

1 month ago

@hjogiupdraftplus – If I’m the only person who logs into my site, should I just disable the Enable IP whitelisting within the Login whitelist tab?

Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

1 month ago

Hi @boybawang,

If you do not have a static IP address ( same all the time ) internet connection. You should disable the Login whitelist feature.

If the IP address does not match, it will show the 403 error.

Regards

Thread Starter boybawang
(@boybawang)

1 month ago

OK, thank you @hjogiupdraftplus

Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

4 weeks, 1 day ago

Hi @boybawang,

Would you mind writing a quick five-star review on wordpress.org?

https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post

Reviews also help others to make confident decisions about our plugin.

Viewing 7 replies - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.