Brute-force Protection Not Installed

How to turn of the protection?

Do you mean “How to turn on the protection?”, because the heading “Brute-force Protection Not Installed” means that the protection is off.

No response from server!

This error message suggests that your server is failing the session test and it may not be appropriate to activate the Brute-force Protection on this site.

I am always looking for ways to improve this Brute-force Protection so that it works for more people. Let me know if there is anything else I can do to help.

Aloha, Eli

So there is no way to turn the protection on on my server at all?

So there is no way to turn the protection on on my server at all?

No, there is a way, but the error message you are getting suggests that your server is failing the session test and it may not be appropriate or even effective to activate the Brute-force Protection on this site.

You need to address the issue that is causing the session test to fail, otherwise it will not matter, or it could even cripple your site, if you force the protection to be enabled. This test was put there for a reason and should not be overridden. You should try to figure out why this test is failing on your server. It is likely to be one of the following reason:

1. Your server cannot create a persistent session.
2. Apache does not have mod_rewrite enabled.
3. Your WordPress is installed in an unusual Aliased or Virtual directory that prevents the RewriteRule from finding the correct install path.

I think my WordPress is installed in an unusual directory: /autoinstalator/wordpress5

What should be the usual path?

It does not matter what directory you install WordPress into, what matter is if that directory is Aliased or Visualized in a way that affects the rewrite path. If this is really your problem then you can add the absolute path after the document_root to the .htaccess file in /wp-content/plugins/gotmls/images/ as the RewriteBase right after RewriteEngine On. so the contents of that file might look something like this:

# BEGIN GOTMLS Directory Protection
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /wp-content/plugins/gotmls/images/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
# END GOTMLS Directory Protection

What do you mean by the ‘persistent session’?

I’ve just been told that execution time of the session is (default value) 1440 s. Does it mean that my server cannot create persistent session?

What do you mean by the ‘persistent session’?

I just mean that the session variables created on page need to persist on through the following page loads as in a normal functioning session.

It does not sound like that is your problem though. It sound more likely that your problem is with the rewrite.

Another use had a similar problem and I was able to fix it for them. I am working on a new release that would solve the rewrite issue. Please let me know if you tried the .htaccess modification in my last post.

I get this:

Brute-force Protection Not Installed

No response from server!

How to turn of the protection?

I just released a new plugin update that should resolve this issue for you. Please download version 4.14.62 and let me know how that works for you.

Aloha, Eli

Works! Thanks a lot! ??

I have the latest version (4.14.65) and I’m getting the same error message. There’s nothing exotic about the site – in fact, there’s hardly any content yet. It’s set up as a subdomain off my main hosted site. I have a half-dozen other domains set up the same way and they have no problem with the Brute Force protection. Any ideas?

This issue was resolved so your issue may be caused be something else entirely. Can you please be more specific about the behavior you are experiencing?

Instead of saying “I’m getting the same error message” can you specify the error message or even post a screenshot?

Can you check the page with the Element Inspector or check the Error Console for JavaScript Errors on the admin page that is displaying the given error message?

I am happy to help you get to the bottom of this, I just need more info to go on…

Certainly…

When I go to the Anti-Malware Scan Settings Panel, it says, “Brute-force Protection Not Installed. Your Server could not start a Session!”

Screenshot: https://bit.ly/1CeSdOv

Thank you!

Ok, Thanks for the specific error. This indicates that either session_start() is failing or the active session is not persisting from one page load to the next.

You mentioned that you have other sites on this server that are not having this issue, right?

If this is the only site that is experiencing this problem then I would look for something that is different about this site’s configuration (a custom php.ini file, an .htaccess with unusual directives, or maybe a missing tmp directory where the session files are supposed to be written).

It is also possible that there is a plugin or some customized PHP code that is messing with the $_SESSION globals.

You may also need to get your hosting provider involved to prove that the site is capable of starting a persistent session.

Let me know if any of that was helpful or not.

Aloha, Eli

SyntaxError: expected expression, got '<'
https://--------blank--------.com/wp-content/plugins/gotmls/images/gotmls.js?SESSION=0
Line 4

I got this script error when the plugin was checking for the session compatibility. Hopefully this will help in figuring out this issue.

This Syntax Error showes that you are getting an unexpected ‘<‘ in the output of gotmls.js when there should only be valid JavaScript in this output. Can you inspect the complete source code returned by that URL? It probably contains HTML instead of JavaScript, in which case your server is not executing the RewriteRules correctly.