freris

Problem solved ! Thanks to Supsystic for fast response.

The problem was that “magically” disappears from SEO fields of each photos, all texts.

Typing here both two descriptions and all is ok now.

Hi again !

Finally i find the solution, after a contact with my host provider.

Step one. Return the Web Application Firewall to ON. It’s very dangerous, told me from host provider.
Step two. Try to login and you get the known “forbidden” result.
Step three. Go to Plesk – Web Application Firewall > Error log file and search for errors.
You see somewhere, something like “[id “xxxxxx”]”, a number as Id.
Step four. Go to Security rule IDs and type here ONLY the number, without “Id” or ” [ – ]” – Only the number – warning!.
Finally, press the “apply” button and then try to connect again. Now login it’s Ok and the web site is Safe.

Regards – freris

Hi

Dear Champ Camba

No luck with stop rewriting rules and server name.
I try to contact with my host for mod_rewrite.
I provide the error from my host apache server error log

ModSecurity: Warning. Pattern match “(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o …” at ARGS_NAMES:user_password-342. [file “/etc/httpd/conf/modsecurity.d/rules/comodo/23_SQL_SQLi.conf”] [line “18”] [id “211540”] [rev “5”] [msg “COMODO WAF: Blind SQL Injection Attack|xxxxx-xxxxx.xx|”] [data “Matched Data: user_password found within ARGS_NAMES:user_password-342: user_password-342”] [severity “CRITICAL”] [hostname “xxxx-xxxx.xx”] [uri “/\\xcf\\x80\\xce\\xb5\\xcf\\x81\\xce\\xb9\\xce\\xbf\\xcf\\x87\\xce\\xae-\\xce\\xbc\\xce\\xb5\\xce\\xbb\\xcf\\x8e\\xce\\xbd/”] [unique_id “V1bKDn8AAAEAADLUeVoAAADF”]

Thanks

Hi again

For test, i checked other 5 login modules but working with no problem at all. Something strange happening with this excellent module. I downgrade the module to previeus version 1.53 but not works. I will waiting the official answer from author.

The tested modules are:
Custom Login
Login-Logout
Memphis Custom Login
A5 Custom Page Login
Customize WordPress Login Page

But none has the features of ULTIMATE MEMBER plugin.

Hi to all!

Just found a solution, but i don’t know if i am right.
I logged in to my host Plesk panel and in section “Web Application Firewall”, i saw that is checked the “Web Application Firewall mode” – “On”. When uncheck this and then check the “Detection only”, the problem solved.
But i don’t know if my site is vulnerable now

Hi,

Just found something strange. I made update the plugin in my local apache server in my laptop, and [ strange – very strange ] no problem !!!
Something happens with live server folder permissions ?

I say that, to help to solve problem

Hi – me too, today after update, no login anymore

Forbidden

You don’t have permission to access /wp/login/ on this server.

I hope, authors of plugin, to correct this problem