AIO WP Security – 403 Forbidden Login/Logout Issue

Update:

I followed all steps to properly delete the AIO WP Security plugin and removed from my htaccess file. I entered same the settings. I cannot login from any web browser, with exception to Mozilla Firefox. I must use the wp-admin login URL and cannot use my secured login URL page.

Update:

Almost forgot to mention the following:

I deactivated all plugins, with exception to AIO WP Security. The issue still occurred – can only login from wp-admin page. When I log out, I continue to get the 403 Forbidden page.

I deactivated all plugins including AIO WP Sec. and was able to login and log out on the wp-admin page without any 403 Forbidden page. As I said before, even when logging out I was getting the 403 Forbidden page with AIO WP Sec. plugin activated.

This issue appears to be only related to AIO WP Security, which is affecting all my WP blogs.

Update:

Cannot login with any web browser now when using wp-admin login page earlier. That page is now giving me the same 403 Forbidden page.

Update:

I may have resolved the 403 Forbidden page issue for now.

After going through all my AIO WP Security settings that I have been using the same way for years, I found out that I can no longer use Brute Force >> Login Whitelist with the ‘Enable IP Whitelist’ box checked.

I can still use ‘Rename Login Page’, ‘Login Captcha’, and ‘Honeypot’. I never used ‘Cookie Based Brute Force Prevention’.

I can now login using my created login URL page, as before, without any 403 Forbidden page appearing during login or when logging out.

I found out that I can no longer use Brute Force >> Login Whitelist with the ‘Enable IP Whitelist’ box checked.

That’s interesting because as you say you were previously using the whitelist setting for years. I think what might have happened is that your IP address has changed and hence because the different IP address wasn’t in the whitelist settings, the plugin was blocking you based on that.

Yes… this is very strange. The first thing I checked was the IP address in the htaccess file and AIO WP Security – IP address whitelist. I checked my IP address again today and it’s still the same. Whenever I can’t login, I go to the htaccess file and enter the correct IP address so that I’m able to login. But this time, it didn’t work. I kept receiving the 403 Forbidden issue when logging in and logging out with my created login page URL.

The only way I could login, with AIO WP Security plugin active and same settings, was using the wp-admin login page (no 403 Forbidden issue). I could never log in this way in the past with the plugin enabled and same setting in AIO WE Sec. — Very Strange indeed.

I’ll experiment with this again when my IP address changes. Until then, I have to leave Brute Force Whitelist disabled so that I can login with my created login URL.