Without brute force cookie, users cannot logout? Woocommerce

It’s still not clear to me what the exact the problem you are having is.

Are you saying in some browsers you can log in and logout when using the brute force feature but in others you can’t?

For any browser that enter the bruteforce cookie url, such as https://www.mysite.com/?login=1
After type the url, I can login & logout.

Without Type in the bruteforce cookie url, I can only login but cannot logout, when I click logout, it redirect me to the page I set in bruteforce cookie setting not the page I set after logout. But I click back to my account still login.

For instance, After logout should redirect to myaccount page. instead of this, I click logout without type in bruteforce url, it redirect to homepage in my case ( I set if anyone try bruteforce attack it will redirect to homepage)

Browser not issue, But browser without that url(such as https://www.mysite.com/?login=1) cannot logout.

I have a exactly same website running in other domain but not using bruteforce cookie or any bruteforce feature. I can login & out. So I think it should be the bruteforce cookie url isue

Hi @wowforlife, yes it sounds like you might not be able to use the Cookie Base Brute Force Prevention option. Try using the other Rename Login Page. See how you go.

Kind regards

Yes, that feature works fine, but when a customer user login, he can type .com/wp-admin access dashboard, Bruteforce cookie will not let them in.Anything I can do fix the cookie url problem?

Yes, that feature works fine, but when a customer user login, he can type .com/wp-admin access dashboard

No that’s not true. If the rename login feature is active and somebody tries to access “yoursite.com/wp-admin” directly they will see an error message and will not be able to login unless they type the renamed login URL.

Umm, I tried, when a user already login, with a login account. they can type wp-admin to access dashboard…..

Hi @wowforlife, make sure that you cleared your cache in your browser or browsers. Try to login in a different browser and make sure you are not logged in as the administrator while testing this procedure. Can you also share your URL so that we can test as well.

Kind regards

I tried, when a user already login, with a login account. they can type wp-admin to access dashboard

@wowforlife,
The key here is that the user is “already logged in” – so of course they can access the “admin” url. The most important thing is that someobody who is not logged in cannot access the “wp-admin” url.

As mentioned by @mbrsolution, try doing this test from a completely different browser where you are not logged in and you will see that you won’t be able to access the admin pages or the login page unless you know the renamed login URL.

Okay, Thanks for the help~ Any idea how could I fix that logout issue from bruteforce cookie

Hello?

Hi @wowforlife, did you try out suggestions above?

Regards