Forbidden / Permission to Access Login Page

Hi dailyvideo did you enable any of the Brute Force features?

Almost the same error. When I try login (username and password), get 404 page for the /wp-admin/ or wp-admin/index.php I can’t even enter the dashboard.

If the plugin is disabled (via FTP) and enable again, the system logs my tries. Only when the feature rename login page is active.

Tried re-install and reset everything (cleaning database), but the issue still remains. I didn’t change anything in my site.

@vitorhugo,

Tried re-install and reset everything (cleaning database), but the issue still remains

Did you also remove any code in your .htaccess file which may have been added by this plugin via firewall rules etc? If not please do that.

Also have you checked this plugin’s log file and your server logs?
If so can you share what the logs produced are?

You mentioned the rename login feature but I couldn’t really understand what you meant – can you provide more details?
Have you tried deactivating that feature to see if the issue stops occurring?

@mbrsolution

Brute Force:
Enable rename login page: No
Cookie based: No
Login captcha: Yes
Captcha on custom login: No
Lost password captcha: Yes
Login whitelist: I have my IP and one of the clients in there.
Honeypot: No

Thanks, please advise based on my settings why this would forbid people without a whitelisted IP.

Hi @dailyvideo does your client have a dedicated IP address or a dynamic IP address?

@mbrsolution: Thanks for the reply!

1) .htaccess: yes, I did restore the original one (backup).

2) Rename Login Page: sorry, my bad. The issue (404 and all the jazz) only happens when the feature is active.

3) Logs: I got it

PHP Warning: include_once(/server/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-process-renamed-login-page.php): failed to open stream: No such file or directory in /server/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-wp-loaded-tasks.php on line 14

PHP Warning: include_once(): Failed opening ‘/server/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-process-renamed-login-page.php’ for inclusion (include_path=’.:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear’) in /server/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-wp-loaded-tasks.php on line 14

PHP Fatal error: Class ‘AIOWPSecurity_Process_Renamed_Login_Page’ not found in /server/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-wp-loaded-tasks.php on line 15

But… I tried replicate the issue now and everything worked as should. Sorry.

No problem @vitorhugo, it is good that everything is working for you now ??

Regards

@mbrsolution

no idea. how can i find out?

also why was this never a problem with any other site i’ve done?

again, if i whitelist the client ip it is fine.

thanks

@dailyvideo,
I just wanted to explain the behaviour of the whitelist feature in order to clear up any confusion.
When you activate the whitelist feature, you are effectively blocking every IP address from accessing your login page EXCEPT the IP address or addresses you have specified in the whitelist settings.
Therefore, if your client’s IP address has changed since you saved the white list settings, they will not be able to access the login page. Only people with an IP address which is specified in the white list settings will be able to access the WordPress login/admin pages.

Can you verify if the user who is having issues accessing the login page has an IP address which is different to the IP address list in the white list settings?