Block direct access to wp-login.php setting

  • Resolved mireillesan

    (@mireillesan)


    4 years, 10 months ago

    Just trying out the plugin and liking it so far.

    There’s one issue I’m having.

    I love the option to Disable wp-login.php
    (Block direct access to wp-login.php and return HTTP 404 Not Found Error)
    WP Cerber > Dashboard > Main Settings tab

    There’s just one issue I found so far.
    When admins/subscribers log out, they get redirected to the wp-login.php page by WP by default.
    (wp-login.php?action=logout&_wpnonce=xxx).
    This (obviously) returns a HTTP 404 (if the option above is enabled) and therefore users aren’t fully logged out.
    Is there a solution for this?

Viewing 7 replies - 1 through 7 (of 7 total)

  • Hello
    I confirm. I experience the same problems.
    When I activate the settings
    ? Request wp-login.php
    ? Disable wp-login.php

    This is the message

    Not Found
    The requested URL /wp-login.php?redirect_to=https%3A%2F%2Fxxx%2Fwp-admin%2F&reauth=1 was not found on this server.

    Thank you

    Plugin Author gioni

    (@gioni)

    Hi! What way do you use to log out? A screenshot of a logout menu item or something else you click.

    @woodypad

    Hi @gioni
    From the classic WordPress button, in the upper right corner user menu you exit.

    Plugin Author gioni

    (@gioni)

    Hover the mouse cursor over the link. Do you see your custom login URL in the bottom left corner of the browser window?
    @woodypad

    Very strange, today when I wrote the first time, I entered www.remarpro.com to report the thing and a user (@mireillesan) had already written.
    Then I had taken off Cerber, now that I put it on again it seems that everything works.

    But I can confirm that now everything seems to work.

    Thank you

    • This reply was modified 4 years, 10 months ago by woodypad.
    • This reply was modified 4 years, 10 months ago by woodypad.

    Hi,
    This morning after opening the “wp-admin” site page,
    I find the same error page, it’s the plugin that blocks me from viewing the page.
    The strange thing that I only tried to log into wp-admin.
    By deactivating the plugin I enter the site and I notice that in the Activity list, there is my red IP with the message “Attempt to access URL prohibited” which results in wp-login, which I have never typed.
    The lockout starts in the minutes I start trying to log in with wp-admin.

    In any case, my IP is present in the White list.
    I hope I have given a clearer explanation of what is going on.

    Thank you

    Plugin Author gioni

    (@gioni)

    Based on your story you need to enable “Use White IP Access List” in the “Traffic Inspector” settings.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Block direct access to wp-login.php setting’ is closed to new replies.