Cookie Based Brute Force Login Prevention

  • Resolved Sten

    (@stentch)


    3 years, 8 months ago

    Hi, i have enabled “Cookie Based Brute Force Login Prevention” but my default worpdress login address still working, is this correct? I have tried it on mobile phone, on different web browser and anything hapenned. Its possible thats is a bug? I have WordPress in subfolder, its problem? Thank you for your response!

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Did you perform a cookie test first before you activated this feature?

    Do you have a cache system running in your site or server? What type of server is your site hosted in?

    Thank you

    Thread Starter Sten

    (@stentch)

    Hi, yes cookie test passed. Cache system in our site server is actually off (but i tried enable it but without change). Server is hosted by Apache, PHP 7.4.13.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    but my default worpdress login address still working,

    Just to be clear with you. Currently the following URL yoursite.com/wp-login.php still works in your site after enabling Cookie Based Brute Force Login Prevention. Is this correct?

    Can you carry out the following test. Disable all other plugins, except ours. Then carry out a test.

    If the above does not help, can you disable Cookie Based Brute Force Login Prevention and enable Rename Login Page instead. Then carry out a test.

    Let me know what happens.

    Thank you

    • This reply was modified 3 years, 8 months ago by mbrsolution.
    • This reply was modified 3 years, 8 months ago by mbrsolution.
    Thread Starter Sten

    (@stentch)

    Yes, my default login: “adress/wordpress/wp-admin” is still working when i have enabled “Cookie Based Brute Force Login Prevention”.
    When i had everything plugins enabled Rename Login Page Feature works. My Login Page URL was changed & it works i tried it ?? . After that i had enabled Cookie Based Brute Force Login Prevention. Settings passed, but nothing happened ?? .
    Now as you ask i disabled all plugins except yours. My moves: Plugins disabled – WP Security – Brute Force – Cookie Based Brute Force Prevention – Save Feature Settings (with enabled brute force attack prevention, with secret word) – Logout. And address/wordpress/wp-admin still works :S .
    For sure i again enabled only “Rename Login Page” with enabled plugins, everything is fine, when i set adress/wordpress/wp-admin i get message: Not available. I can access to my pages only with custom link (thumbs up).
    But, if helps, yesterday someone tried to get to my WordPress with bad username and system lock it and “Re-direct URL: 127.0.0.1” worked ??

    • This reply was modified 3 years, 8 months ago by Sten.
    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, does that mean that your issue is resolved now?

    Regards

    Thread Starter Sten

    (@stentch)

    No, becouse i get this message:
    You have successfully enabled the cookie based brute force prevention feature
    From now on you will need to log into your WP Admin using the following URL:
    https://adres/wordpres/?test1ng=1
    It is important that you save this URL value somewhere in case you forget it, OR,
    simply remember to add a “?test1ng=1” to your current site URL address.

    but this is not correct, i can still go to my wordpress through default wordpress address…

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, I think you should deactivate and delete the plugin. Then install a fresh new copy. Make sure you don’t accept the previous settings. Then clear your browser cache and any other cache system you might have in your site or server. Enable Rename Login Page and carry out a test.

    If the above steps don’t work for you, reset the plugin by following these instructions.

    https://mbrsolution.com/wordpress/how-to-reset-aiowps-plugin.php

    Let me know how you go.

    Thank you

    Thread Starter Sten

    (@stentch)

    I hope i do something better. On my one site (total under construction :)) i make:
    1. New database
    2. Upload WordPress
    3. Install WordPress
    4. Install SSL Plugin (WP Force SSL)
    5. Install All In One WP Security & Firewall
    6. Set All In One WP Security & Firewall with Cookie Based Brute Force Login Prevention
    7. Nothing happend
    address: https://dvap.sk/wordpress/wp-admin
    and my WP Security settings at this page: https://ibb.co/hyf0HCS

    Im trying ur plugin in all my sites from this hosting (i have only this one at this time, for now its 4 sites with your plugin) and in any site is it not working. Can be problem with some host settings?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Can be problem with some host settings?

    Yes, I believe it is some setting in your server that is causing this issue.

    Regards

    Thread Starter Sten

    (@stentch)

    Can you write me, which host settings this feature need? Becouse how to set hosting when i dont know which settings are requiered?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, you need to speak to your host and ask them to help you find out why this feature is not working in your site. It could your server settings or your site. I am not 100% sure.

    Thank you

    Thread Starter Sten

    (@stentch)

    I wrote them, and they ask which settings are necessary.. you dont have any clues?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Unfortunately no because it might also be related to your site as well. That is why I recommend that you ask them to investigate your site as well.

    Kind regards

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Cookie Based Brute Force Login Prevention’ is closed to new replies.