• Resolved barnez

    (@pidengmor)


    Hi,

    I have a strange case. I have had brute force protection with captcha enabled on the login page for several months. It has been working perfectly and helped me to overcome sustained attacks. Today I have been working on the site, and after logging out and clearing the cookies, I am now unable to log back in again. I enter the captcha, then my username and password (100% correct and entered through the browser password manager), but after that I am returned to the captcha, and so on. So I cannot access the WP dashboard.

    I have tried clearing the browser cookies, entering the username and password manually, and removing the autoprepend rules from .user.ini and .htaccess, but that has not helped. I am still stuck in the loop.

    I can’t disable all other plugins until tomorrow and revert to the WordPress theme, and I am worried that these will need to be enabled in the dashboard once I rename them back to normal. Until then, this live site will not function as normal (e.g. the different forms).

    What is the best way to reset the plugin? I have a configuration file from April (nfwp3.8.4.dat).

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter barnez

    (@pidengmor)

    After finding a related topic I have regained access by deleting bf_conf.php. Nothing is logged in the firewall log. If I re-enable the brute force protection with the captcha as always enabled (https://snipboard.io/7i3tx1.jpg), when I log out I am again stuck in the login loop. If I only enable the captcha protection when under attack, using the default settings, then I can log in fine. Now I know I can regain dashboard access I feel more comfortable about testing for a theme/plugin conflict. I will report back on anything I find.

    • This reply was modified 5 years, 2 months ago by barnez. Reason: Add info about successful login when protection only enabled for under attack
    Thread Starter barnez

    (@pidengmor)

    Fixed. Tracked the issue down to the Enfold theme and the new privacy settings, which were making cookies opt-in and thus interfering with the captcha.

    Plugin Author nintechnet

    (@nintechnet)

    Interesting. I have seen a few users who had the same problem lately but they couldn’t solve it. I’ll download this theme and will check if we can display a warning about that.

    Thread Starter barnez

    (@pidengmor)

    That’s a premium theme unfortunately. Here you can see the opt-in option for the cookies: https://snipboard.io/ywdJCX.jpg

    Plugin Author nintechnet

    (@nintechnet)

    I don’t know how they do that, I guess they delete any cookies (including PHP session like the one used by NinjaFirewall), except the WordPress authentication cookie. That should break many plugins.
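
The loop described in this thread can be reproduced with a small model. This is an added example, not part of the thread and not NinjaFirewall or Enfold code. It assumes the "captcha solved" flag is kept in a server-side session referenced by a cookie; the cookie name `FWSESSID`, the form fields and the cookie-filter policy are hypothetical.

```python
import secrets

SESSION_COOKIE = "FWSESSID"  # hypothetical name, not the plugin's real cookie


class CaptchaGate:
    """Simplified model: the 'captcha solved' flag lives in a server-side
    session that the browser must reference with a session cookie."""

    def __init__(self):
        self.sessions = {}

    def handle(self, cookies, form=None):
        """Return (page shown, cookies set) for one request to the login URL."""
        set_cookies = {}
        sid = cookies.get(SESSION_COOKIE)
        if sid not in self.sessions:  # no usable cookie: start a new session
            sid = secrets.token_hex(16)
            self.sessions[sid] = {"captcha_ok": False}
            set_cookies[SESSION_COOKIE] = sid
        session = self.sessions[sid]
        if form and "captcha" in form:
            session["captcha_ok"] = form["captcha"] == "expected"
            return ("login_form" if session["captcha_ok"] else "captcha"), set_cookies
        if form and "password" in form and session["captcha_ok"]:
            return "dashboard", set_cookies  # credential check omitted in this model
        return "captcha", set_cookies


def login_attempt(gate, keep_cookie):
    """Replay captcha -> credentials with a browser that stores only the
    cookies for which keep_cookie(name) is true."""
    jar, pages = {}, []
    steps = (None, {"captcha": "expected"}, {"user": "admin", "password": "constructed"})
    for form in steps:
        page, set_cookies = gate.handle(dict(jar), form)
        jar.update({k: v for k, v in set_cookies.items() if keep_cookie(k)})
        pages.append(page)
    return pages


if __name__ == "__main__":
    normal, filtered = CaptchaGate(), CaptchaGate()
    print(login_attempt(normal, lambda name: True), len(normal.sessions))
    # Constructed opt-in policy: only WordPress auth cookies are stored.
    print(login_attempt(filtered, lambda name: name.startswith("wordpress_")),
          len(filtered.sessions))
```

When the session cookie is dropped, the captcha answer is recorded in a session the browser never presents again, so the credentials request is sent back to the captcha. A new session being created on every request from the same client is the sign to look for.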

  • The topic ‘Brute force protection enabled: unable to login’ is closed to new replies.