Password Protected Pages difficult to use with login protection enabled

  • Resolved wp_kc

    (@wp_kc)


    6 years, 11 months ago

    Problem:
    If Brute Force Login Protection is in effect, and you try to access a Visibility=Password Protected page, you are first asked for the page password, then forwarded to NinjaFirewall’s challenge, then get a blank page at ./wp-login.php?action=postpass

    Steps to reproduce:
    1) Set NinjaFirewall Log-inProtection to Always On. Set Type of Protection to Captcha. Checkmark Enable bot protection.
    2) Edit a WordPress page. Set Visbility to Password Protected, set a password, click the OK button. Click the page Update button.
    3) Logout of WordPress. Clear everything from browser cache to make sure you are no longer whitelisted by NinjaFirewall.
    4) Navigate to the password protected page. Enter the page password. Notice you are forwarded to the NinjaFirewall challenge page. Notice that after the challenge is correctly entered you get a blank page.

    Additional Notes:
    Click the back button on your browser to go back to the password protected page. Re-enter the page password. The page displays normally.

    You probably need to hook into the ‘the_password_form’ filter to display the challenge before the password form is displayed. Or maybe check post_password_required() and skip the Log-in Protection challenge for these pages if they are public.

    • This topic was modified 6 years, 11 months ago by wp_kc.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    The login protection should not apply to the protected page because its password is not related to the user account. This has been discussed once here a long time ago but it has never been fixed. I’ll exclude password protected pages in the next release of NinjaFirewall.

    You probably need to hook into the ‘the_password_form’

    The firewall works before WordPress is loaded, it does not use any hook.

    Thread Starter wp_kc

    (@wp_kc)

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Password Protected Pages difficult to use with login protection enabled’ is closed to new replies.