How does cookie test work in brute force cookie protection?

Hi AlexHoldingyou can read the following URL which provides the information you are looking for.

Kind regards

Thanks mbrsolution, however that article does not answer my question. I read it previously to posting this question, all it says about the “perform cookie test” is how to do it, not what it does or what it tests for, or what i should try and change if it fails.

Hi AlexHolding sorry about the link above perhaps these two links might give you more insight to your question.

• Link 1
• Link 2

Let me know if it helps you.

Kind regards

Thank you again for your help mbrsolution ?? Unfortunately no, those links dont answer my question either.

I took another approach and looked at the source code for aio-wp-security, i am not a php programmer though so i may have misunderstood, but it seems that the cookie test generates a cookie and tries to write it into .htaccess, is that correct?

What then is the condition for the test failing, being unable to write to the .htaccess file?

Hi answering the following question….

but it seems that the cookie test generates a cookie and tries to write it into .htaccess, is that correct?

Yes, that is correct it rights to the .htaccess file. Remember that it also deposits a cookie in the browser used to visit the special URL.

Your next question…

What then is the condition for the test failing, being unable to write to the .htaccess file?

You click on Perform Cookie Test first before you enable this feature. If the cookie test fails you can’t enable this feature.

I hope that helps you further with your question.

Regards

Thank you for your continued help mbrsolution, i appreciate it.

However, maybe i am not asking my question clearly. I understand that the cookie test is used to test whether or not the secret cookie feature can be used, that is obvious from the documentation.

What i want to know is how the cookie test is performed. So you can confirm that the test generates a cookie and writes to htaccess, so what causes it to fail?

Does it fail at writing the cookie? Does it fail at writing to the htacess file? Where? That is not clear from the documentation.

I need to know this as this server used to be able to use this feature, and now it cannot. I need to know what has changed on the server to now cause it to fail the cookie test and prevent this feature from being used.

I hope now it is more clear what i am asking.

Hi AlexHolding one of the developers will let you know how it carries out the test. Unfortunately that bit of information is beyond my knowledge as I am not the plugin’s developer.

However if it did work before and not any more. Was your sever updated recently? Did you add any other plugin?

Regards

mbrsolution, thank you anyway for your assistance, hopefully one of the developers will be able to answer my question.

Yes i agree this is very likely because our production servers run cPanel, and are automatically updated. So an update must have happened to cPanel that broke this feature, i just need to figure out what!

Hi again ?? I am just curious which browser are you using to test the cookie?

Thats a really good question, i am using chrome latest, do you think it could have an effect?

Well if you don’t enable cookies in your browser the plugin will not work. Check your browser settings.

Let me know how you go.

Cookies are definitely enabled in my browser

Okay do you have another browser like Firefox or even IE to carry out some test?

Also did you click on Perform Cookie Test in the plugin?

Okay do you have another browser like Firefox or even IE to carry out some test?

Yes, i have tested also with IE and Firefox, additionally i have tested against both production servers and test servers and the result is the same.

To be clear – the problem is not with the plugin. The problem is with cPanel i suspect, but until i know the internals of this feature i do not know what to address on the cPanel server to allow this plugin to work.

Also did you click on Perform Cookie Test in the plugin?

I am confused by this question, how else would i know that the cookie test function does not work??

To answer your question yes, i have tried the Perform Cookie Test and it returns the red dialog saying “The cookie test failed on this server. So this feature cannot be used on this site.”

Hi AlexHolding,
After doing some investigations I’ve found a small bug introduced when we added some more robustness and security to this feature.

We have now fixed this bug and released another version today so please update your plugin.