CORS policy: No ‘Access-Control-Allow-Origin’ blocking site login

  • Resolved Matthew Pollard

    (@matthewpolld)


    4 years ago

    Hello,

    I can’t login to a site which has the WordFence plugin installed, I get the following in the console:

    Access to XMLHttpRequest at 'https://www.mysite.co.uk/wp-admin/admin-ajax.php' from origin 'https://mysite.co.uk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

    If I login to the site’s hosting, & rename WordFence’s folder then I can login. Have you got any suggestions, please? What could be causing this?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @matthewpolld and thanks for reaching out to us!

    While you are logged in, rename the folder back and activate wordfence again.

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Are you using the standard wp-login page to login or do you have a different site?

    Thanks!

    Thread Starter Matthew Pollard

    (@matthewpolld)

    Hi Adam,

    I have just sent the diagnostic report. I’m using the standard WordPress login page, & I’m using a custom login url (so not /wp-login.php). This issue only seems to happen when I completely clear the cache of my browser before trying to login. If I have logged in & haven’t cleared my cache since, then the issue doesn’t occur when I login in again.

    Thank-you for the support! ??

    Plugin Support WFAdam

    (@wfadam)

    Could you try to send your diagnostic again? I cant seem to locate it in our box.

    Thanks!

    Thread Starter Matthew Pollard

    (@matthewpolld)

    Hi Adam,

    Rather than clicking the ‘send diagnostic report’ button, I have downloaded a copy of the report, & sent it attached to an email instead. I have just sent the email now, at 15:20pm, UK time.

    My email address ends in @wpbymatt.com

    Thanks!

    Plugin Support WFAdam

    (@wfadam)

    Thanks for sending that @matthewpolld

    This could be an issue related to your Protect WP-Admin Plugin. Just to test, try disabling it and then logging in to see if the issue is still there.

    I also noticed that your Firewall might not be optimized. Check your Firewall page to see what percent it is. You might see “Optimize the Firewall” there as well. Click on that and follow the steps for CGI/FastCGI.

    Let me know what you find!

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘CORS policy: No ‘Access-Control-Allow-Origin’ blocking site login’ is closed to new replies.