sun6hine

Thank you, then I will resort to this makeshift solution. Sorry I couldn’t get to the bottom of the problem any further, many thanks for the great support and your time!

Thanks, I’d appreciate that, but unfortunately I don’t have access to the console in the limited package of my webhoster :/

From your point of view, is there anything against restricting access to wp-login.php via htaccess? This way, bruteforce attacks could still take place, though it sets up a second hurdle.

No, unfortunately, that’s just the problem …

Login Protection enabled:
Bot Protection enabled: Content Encoding Error, can’t access website at all.
Bot Protection disabled: Returning 401 without even being able to enter user/pass or solve captcha.

Login Protection disabled:
Can login to WP backend without running into errors.

Thanks, that’s an idea! I’m running on 7.3.15. zlib.output_compression is set off.

If init_set is blocked (shared server :/), there’s no chance to avoid 401 (even w/o bot protection enabled), correct?

Thanks for your reply!

1. No changes were made to HTTP Headers, neither through NF, nor manually.
2. No new themes/plugins were installed.

Interestingly, when I disable “Enable bot protection”, the server replies with HTTP 401 (Unauthorized), so there’s no Content Encoding Error anymore … which, optimistically speaking, is a step forward ??

(Tested on Chrome 80, FF 74.0.1, Edge 80, Opera 66; Win10, several Linux’ and MacOS)