gilesnr
Forum Replies Created
Hi! OK, I only needed to uncheck 6G firewall rules as all other settings were off but this didn’t seem to help.
I checked the Apache error log and see Apache ‘security2’ errors from ModSecurity, maybe this is the cause:
ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file “/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf”]
uri: _jb_static
I also get:
Error: The one-time password (TFA code) you entered was incorrect.
after inputting only the user/pass
In dev tools I see 403 forbidden for:
https://<host>/_jb_static/??/wp-includes/js/jquery/jquery-migrate.min.js,/wp-content/plugins/all-in-one-wp-security-and-firewall/includes/simba-tfa/includes/tfa.js?m=1715191553&cb=1
Using Jetpack plugin with ‘boost’, is that conflicting here?
Thanks in advance if you have any info on this!
Giles
My bad, I found out that Pihole was blocking public-api.wordpress.com ..resolved!
But this is your server, right? This returns the error for my cURL client:
curl https://public-api.wordpress.com
Just checked my apache site, it’s configured like so, so TLSv1.2 included:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
- This reply was modified 2 years, 2 months ago by gilesnr.
thanks, done!
I paste it here:
<?php __halt_compiler(); /** * This file was created by All In One Security (AIOS) plugin. * The file is required for storing and retrieving your firewall's settings. */ {"aiowps_6g_block_request_methods":[],"aiowps_6g_block_query":false,"aiowps_6g_block_request":false,"aiowps_6g_block_referrers":false,"aiowps_6g_block_agents":false,"aios_enable_rename_login_page":"1","aios_login_page_slug":"secret","aios_enable_brute_force_attack_prevention":"1","aios_brute_force_secret_word":"secret","aios_cookie_based_brute_force_redirect_url":"http:\/\/127.0.0.1","aios_brute_force_attack_prevention_pw_protected_exception":"","aios_brute_force_attack_prevention_ajax_exception":"1","aios_brute_force_secret_cookie_name":"aios_brute_force_secret_f271c12a8f430c7d02a9e3c7a85eaa6a","aios_brute_force_cookie_salt":"X;qk@+O~D.J\/WNA|O2PjbEHo1Pd~l0mNmYWe.<CE|1s*)(-C60+=+*%@&Ym~iq|D~^^0y?k:8&c=;MXwtJM6a1x(tb$Kbp<@UofD 7V@_JhlCbdKr]<-Y|CF4|-Ad+l+"}
Hi Ashley,
OK, then that explains it, it’s indeed in the php.ini so it’s global, I think that was in the plugin instructions, right? I will look at moving it to the site .htaccess.
Thanks!
Giles.
Hi @hjogiupdraftplus
I sent it through the Premium plus support with a link to this ticket.
Thanks!
Giles.
Hi,
Sent the file as requested.
I actually had both enabled, renamed url with secret and secret cookie, both didn’t work.
The plugin was set to be auto-updated so it was always up to date.
Thanks!
Giles.
- This reply was modified 2 years, 3 months ago by gilesnr.
Hi Ashley,
Indeed ‘block query strings’ was triggered, sent the log as requested.
Thanks!
Giles.
Hi,
No, it’s located in the standard location /usr/share separate to WordPress in /srv/http so I was surprised it was being affected but somehow it is.
Cheers
Giles
Great! Glad to have helped.
It’s solved for me after looking into the code and debug logging in the WordPress database.
The permission error occurred because I was blanking out the Server response header in the Apache2 settings for security reasons. If you make sure the response header is set to minimally ‘Apache’ say, this will satisfy the plugin and it will write to .htaccess successfully.
My Apache2 code:
<IfModule security2_module>
    SecStatusEngine on
    SecRuleEngine on
    ServerTokens Full
    SecServerSignature "Apache"
</IfModule>