• Resolved globsticks

    (@globsticks)


    Hi!

    I just enabled cookie-based brute force login prevention; however, I am still able to log in via mysite.com/wp-admin.

    And the URL with the secret word is not currently working.

    Do you know what I should do about it?

    Thank you!

Viewing 15 replies - 1 through 15 (of 16 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Did you perform a cookie test before you enabled this feature?
    Do you have a cache plugin installed in your site?

    Thank you

    Thread Starter globsticks

    (@globsticks)

    Hi,

    Yes, I did perform a cookie test before enabling it. It was successful.
    I don't have a cache plugin installed in my site, but I use Cloudflare caching. Should I access it and select the “purge everything” option?

    Thank you

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    but I use Cloudflare caching, should I access it and select the “purge everything” option?

    Yes, try that and see what happens.

    Regards

    Thread Starter globsticks

    (@globsticks)

    Hi,

    Nothing really happened. I am still able to log in via /wp-login while the Cookie-Based Brute Force feature is currently active according to the dashboard.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Thank you for sharing more information.

    Try the following test. Clear the browser cache and carry out a test using different browsers.

    Let me know what happens.

    Thread Starter globsticks

    (@globsticks)

    Now I cannot access via /wp-login.php,
    and I tried to access with the secret URL but I do not get access to the login page. It redirects me back to the main page.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, you will have to FTP into your site and rename the plugins folder. Then try to log into your site with the WordPress default login wp-login.php. Once you are logged in, rename the plugins folder back to its original name and adjust your settings.

    Let me know what happens.

    Regards

    Thread Starter globsticks

    (@globsticks)

    Hi,

    I followed the steps and logged in, renamed the plugins folder back to its original name and adjusted the settings. Although I am still able to access via /wp-admin instead of the cookie-based URL. What should I do to utilize the cookie-based secret URL?

    Thank you!

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, you can try one more troubleshooting step. Disable all other plugins, then try again. Let me know what happens.

    If the above does not work, then you can always try the option Rename Login Page in Brute Force.

    Thank you

    Thread Starter globsticks

    (@globsticks)

    Hi,

    I disabled most of them and nothing happened. Unfortunately, I might not be able to use the cookie brute force feature; it is a pity.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, you can still use the Rename Login Page feature, which is also very powerful.

    Kind regards

    Thread Starter globsticks

    (@globsticks)

    Hi mbrsolution,

    My website does have a registration page, so users have to click on the logout link at some point.
    I am hiding the admin page via the Rename Login Page secret slug, but I noticed that users can read its value from the URL when they log out. I am unable to utilize the cookie brute force feature to hide the “secretslug”.

    Do you happen to know how to hide the login slug from the logout URL, please? Using another plugin maybe?

    (Hover over the URL and you will see what I mean.)

    Thank you!

    `<li id="menu-item-1788" class="bp-menu bp-logout-nav menu-item menu-item-type-custom menu-item-object-custom menu-item-1788"><a href="https://www.example.com/secretslug/?action=logout&redirect_to=https%3A%2F%2Fwww.example.com%2F&_wpnonce=c3b1dbd03b">Log Out</a></li>`

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    I am hiding the admin page via the Rename Login Page secret slug, but I noticed that users can read its value from the URL when they log out. I am unable to utilize the cookie brute force feature to hide the “secretslug”.

    Are you talking about the users who log into your site via the secret word URL?

    Thank you

    Thread Starter globsticks

    (@globsticks)

    Hi,

    No, I am talking about the users who log in to my site without using the “secretslug”, who are contributors, not administrators. When they log out they get to see the “secretslug” shown above.

    So these users are capable of seeing the secret slug, which is the wp-admin slug renamed, and they can also see it in the page source code. Having that at their disposal, they can try a brute force attack at wp-admin.

    Thank you!

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, I have submitted a message to the developers to investigate your issue/request further.

    Thank you
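
The leak the thread starter describes (a renamed login slug appearing in the logout link served to ordinary logged-in users) can be checked for by scanning rendered pages. The following is an added example, not code from the thread participants or the plugin; the function name `find_login_slug_leaks` is hypothetical and the sample page is constructed from the markup posted above.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Subset of the ?action= values handled by WordPress's wp-login.php.
LOGIN_ACTIONS = {"logout", "lostpassword", "register", "rp", "resetpass"}
DEFAULT_LOGIN_PATHS = {"wp-login.php"}  # stock path, not a secret


class LinkCollector(HTMLParser):
    """Collect every href/action attribute value from a rendered page."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "action") and v]


def find_login_slug_leaks(html, site_host):
    """Return non-default paths on site_host that serve login actions."""
    collector = LinkCollector()
    collector.feed(html)
    leaks = set()
    for link in collector.links:
        url = urlsplit(link)
        if url.netloc and url.netloc.lower() != site_host.lower():
            continue  # link to another site, not our login endpoint
        actions = parse_qs(url.query).get("action", [])
        slug = url.path.strip("/")
        if slug and slug not in DEFAULT_LOGIN_PATHS and LOGIN_ACTIONS.intersection(actions):
            leaks.add(slug)
    return sorted(leaks)


# Constructed sample: a front-end menu as a logged-in contributor would
# receive it, modelled on the markup posted in the thread.
SAMPLE_PAGE = """
<ul>
 <li><a href="https://www.example.com/">Home</a></li>
 <li><a href="https://www.example.com/wp-login.php?action=lostpassword">Reset</a></li>
 <li><a href="https://other.example.net/x/?action=logout">Partner</a></li>
 <li class="bp-logout-nav"><a href="https://www.example.com/secretslug/?action=logout&amp;redirect_to=https%3A%2F%2Fwww.example.com%2F&amp;_wpnonce=c3b1dbd03b">Log Out</a></li>
</ul>
"""

if __name__ == "__main__":
    print(find_login_slug_leaks(SAMPLE_PAGE, "www.example.com"))
```

Run it against pages fetched while logged in as a low-privilege account; any slug it reports is visible to every such user.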

  • The topic ‘Cookie based brute force login prevention’ is closed to new replies.