jemo360

Hi,

i have try with the login form from woocommerce: it showing the page asking 2FA code but it is the same: it say “field name” are blank and the “password” too…

i will create new post ??

Hi robertabela,

I have the same problem.

I have free version of Wordfence, working on WordPress 5.4.2

I have all parameter into Wordfence desactivate for login option (login security)

All works well but after entering login and pass, it show a page into i must past the auth code (App google). I past in. And the 2 errors shows: Blank name field and blank password field…

What can i do?

Hi embrance

Have a look at your htaccess file and add :

# Empêcher l'accès au fichier wp-config.php
<FilesMatch ^wp-config.php$>
deny from all
</FilesMatch>
# Désactiver l'affichage du contenu des répertoires
# Options All -Indexes
# Alternative pour empêcher le listage des répertoires
IndexIgnore *
# Masquer les informations du serveur
ServerSignature Off
# Activation du suivi des liens symboliques
# Options +FollowSymLinks
# Protéger les fichiers .htaccess et .htpasswds
<Files ~ "^.*\.([Hh][Tt][AaPp])">
order allow,deny
deny from all
satisfy all
</Files>
# éviter le spam de commentaires
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.yoursite.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^https://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>
# Sécuriser l'identifiant d'un auteur
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} ^author=([0-9]*)
RewriteRule .* - [F]
</IfModule>
# Désactiver le hotlinking de vos images
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yoursite.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ https://fakeimg.pl/400x200/?text=Pas_touche_aux_images [NC,R,L]
# Bloquer l'utilisation de certains scripts
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
# Protection contre les injections de fichiers
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=https:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* - [F]
# Protections diverses (XSS, clickjacking et MIME-Type sniffing)
<ifModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options: "nosniff”
</ifModule>

In this code, replace “yoursite.com” by your address website

Add # for desactivate that you don’t need (if you don’t want to break your site, add one protection at once, upload, test and if it is ok, add one more proteection (one by one)(and always ttest after add and upload > refresh browsner) (CTRL + F5 on windows) (i think)

hope this can help you

??