Can’t login after enabling brute force protection

Hi @bahus

you should try access with secret word so {site_url}?{secret_word}=1 It will save cookie in your browser for 24 hrs the again after 24 hrs it will start redirect to 127.0.0.1 and you can access with {site_url}?{secret_word}=1 only.

If you have enabled and forgot the {secret_word} define AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION true in wp-config.php and try access with wp-login.php ( or renamed login page) it will disable the cookie based brute force

define('AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION', true);

Once you logged in please go to WP Security > Brute force > Cookie based brute force prevention.
there check secret_word and remove the defined constant.

IF still issue and you are being redirected to 127.0.0.1 your IP might be blcoked please try access with another internet connection it should allow to login and remove your blocked IP from WP Security > Dashbaord > Permanent block list

Regards

In which database table is the flag for enabling the brute force protection function located?

Hi @bahus

In databse it is the aio_wp_security_configs as option_name of wp_optionstable have that as serialised config array aiowps_enable_brute_force_attack_prevention

But it is applied from \wp-content\uploads\aios\firewall-rules\settings.php aios_enable_brute_force_attack_prevention if you set its value to 0 temporary it will stop enabled the cookie based brute force prevention.

Regards

You need to create a plugin, similar to Wordfence Assistant, that would clean up all traces of AIOS (files and tables in the database) in the system when such problems arise.
Or deleted all AIOS settings to factory defaults.

Hi @bahus

Thanks for your suggestion, I will create internal ticket for this.

Regards