Can’t log in to website with WF active

This is happening on almost all of my websites (50+ websites)

After the last plugin update it has happened to me as well!!

I have also tried to roll back the plugin to an older version but it keeps not working.
So I have discovered that there is a conflict between Wordfence and the plugin Breeze.

Oddly enough, today I have updated both and when I have tried to deactivate breeze, wordfence has restored to work again.

How can we solve the problem? Should I contact the Breeze plugin developers ?

Hello @sbwd and thanks for reaching out to us!

It sounds like a similar issue to what @gamma42 was seeing, where a plugin might be conflicting with the login page.

Once you get logged into one of your sites, activate Wordfence again, then send me a diagnostic to review.

Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

@gamma42 I recommend reaching out to Breeze to see what might be causing the conflict.

Thanks again!

Thank you @wfadam
I just sent the diagnostics report.

Same issue here. Disabling either WF or Breeze fixes the issue with the login page. Following.

Began with Breeze 1.2.0 and WF 7.5.3, both updates released and installed yesterday, May 10. WP 5.7.1 on PHP 7.4.

• This reply was modified 3 years, 6 months ago by btreece84. Reason: Added plugin versions

Same issue and I have both Breeze and WF. Sounds like someone needs to get on the same page and stop writing code that conflicts. They have standard practices for this kind of thing. Get it fixed please. Affecting all my sites. This is not the first time this conflict has happened either.

I have found that when you disable reCAPTCHA under Login Security even with Breeze enabled that I’m able to login. So the problem is with Google and Wordfence.

I am not able to log in manually even after disabling reCAPTCHA

I have contacted Cloudways support as I use their services. The Breeze plugin team is actively working on an update. Hopefully it will be soon.

Hi all,

We tested this issue using the Breeze plugin and found that it’s caused by a new Breeze feature “Delay JS inline scripts”. This is modifying when one of our inline scripts is processed, which breaks the code that depends on it.

In Breeze’s “Advanced Options”, under “Delay JS inline scripts”, you can remove the line that says “nonce” to avoid having our script deferred, which should make logins work properly again. WordPress’s translation features might also be broken by that line, and likely some other plugins as well.

This affects Wordfence’s two-factor authentication, if one or more users has set up 2FA, and the reCAPTCHA feature, so using either or both of those features would be broken by Breeze modifying our script tags. (That is probably why disabling reCAPTCHA worked for some but not others in this thread.)

-Matt R
Wordfence QA Lead

Hi Matt R. Thanks, but I tried that and I still cannot login. I also clear cache too.

Ok. I don’t know of any other conflicts with Breeze currently, but conflicts with other plugins or WP core might still cause issues, if the Breeze plugin is modifying those too.

Can you double check that the nonce line was removed from the Breeze settings? On the site linked in your profile here, I still see script type='module' for part of WordPress core where the next line is var userProfileL10n — without Breeze’s new feature, that script tag is normally script id='user-profile-js-translations'

I also see javascript errors in the console saying Uncaught ReferenceError: wp is not defined similar to what I saw on our test sites with the Breeze issue.

-Matt R

Matt R. The site I remove the nonce on is https://www.lpcw.com and I did verify it was removed.

Ah, ok. I figured it was worth trying the site I could find. I do see on lpcw, the site does not have the problem with the type='module' added by Breeze — but Breeze has broken the api.js file that we load from Google for the captcha.

Interestingly, this doesn’t happen on my test site unless I turn off the “JS” option under “Minifcation” in Breeze’s settings. I don’t know why they are modifying that script tag when minification is off but not on, but they have removed parameters that are necessary when loading Google’s api.js file.

Enabling JS minification may work on your site, but that has the potential to break other scripts. You can try it if you like, but be sure to test your site’s functionality if you do — otherwise, I’d recommend disabling Breeze temporarily, until their next release that may fix these new issues.

-Matt R