Brute Force Prevention breaks access to dashboard from WordPress bar menu

If you activated the brute force prevention you can’t use the WordPress bar menu to access to the dashboard.

We tested the scenario you mention when we were implementing this feature and we made sure this works – and I can confirm that it does.
As a matter of fact I just tried another test now on my site and the WordPress menu bar on the front end works fine when the brute force feature is enabled.

Something else must be causing this on your site. Have you tried disabling all firewall rules to see if the menu bar works? (Also I would try with only the brute force feature active and all other rules disabled)

Are you using any other plugins which are modifying your .htaccess file?

Not using any other plugin that modifies the .htaccess file.

Only disabling the brute force prevention allows me to access to the dashboard using “www.example.com/wp-admin/” (that is the link on the WP admin bar menu), with brute force prevention enabled I get redirected to 127.0.0.1

The only way I have to use “www.example.com/wp-admin/” while brute force prevention is active is using the modified rule that I posted above.

Is there a particular link in the admin bar that doesn’t work or all the links in the wp admin bar doesn’t work for you?

Well after more testing I found that this only happens when the cookie is expired.

And by the way, enabling this method breaks the links in the emails for comment moderation too.

For example, you can use this link when you recieve an email to moderate a comment:

https://www.example.com/wp-admin/comment.php?action=approve&c=xxxx

But anyway I suppose that it’s a side effect of this protection method and not a bug…

Thank you again for your support!