Locked out of dashboard after upgrade to 5.1.1

Hi,

Sorry about the inconvenience caused.

This was likely caused by a feature that wasn’t working correctly before and now that it’s been fixed and moved to the PHP based firewall it caused a lockout.

Glad you was able to resolve the issue your self.

If theres anything else you need just let me know.

Best Wishes,

Ashley

@gilesnr

Glad to hear the problem went away by removing that file.

We have in recent release has updated the how cookie based brute force works.

Can you send me that file if available for to review. so we may check if anything is wrong inside that.

Did you try access the dashboard with login using secret word of cookie based brute force? (IF have older version of AIOS < 5.0.0 and updated) it might required.

Hi,
Sent the file as requested.
I actually had both enabled, renamed url with secret and secret cookie, both didn’t work.
The plugin was set to be auto-updated so it was always up to date.

Thanks!
Giles.

• This reply was modified 2 years ago by gilesnr.

Hi @gilesnr

can you please let me know where you have sent the files requested?

Regards

Hi @hjogiupdraftplus
I sent it through the Premium plus support with a link to this ticket.

Thanks!
Giles.

Hi @gilesnr

I got your request for this ticket, but theres no file attached.

Best Wishes,

Ashley

I paste it here:

<?php __halt_compiler();
/**
 * This file was created by All In One Security (AIOS) plugin.
 * The file is required for storing and retrieving your firewall's settings.
 */
{"aiowps_6g_block_request_methods":[],"aiowps_6g_block_query":false,"aiowps_6g_block_request":false,"aiowps_6g_block_referrers":false,"aiowps_6g_block_agents":false,"aios_enable_rename_login_page":"1","aios_login_page_slug":"secret","aios_enable_brute_force_attack_prevention":"1","aios_brute_force_secret_word":"secret","aios_cookie_based_brute_force_redirect_url":"http:\/\/127.0.0.1","aios_brute_force_attack_prevention_pw_protected_exception":"","aios_brute_force_attack_prevention_ajax_exception":"1","aios_brute_force_secret_cookie_name":"aios_brute_force_secret_f271c12a8f430c7d02a9e3c7a85eaa6a","aios_brute_force_cookie_salt":"X;qk@+O~D.J\/WNA|O2PjbEHo1Pd~l0mNmYWe.<CE|1s*)(-C60+=+*%@&Ym~iq|D~^^0y?k:8&c=;MXwtJM6a1x(tb$Kbp<@UofD
7V@_JhlCbdKr]<-Y|CF4|-Ad+l+"}

• This reply was modified 1 year, 12 months ago by gilesnr.
• This reply was modified 1 year, 12 months ago by gilesnr.

@gilesnr

I try replicate the issue but can not find any issue strange.

Using the same settings that rename login + cookie based brute force enabled with ajax allowed and password protected pages not allowed. Also make sure that reading the salt value do not have any problem.

Regards

@gilesnr

We have fixed locally this issue upcoming release will fix it. It is issue regarding if the plugin deactivated and activated the plugin again and cookie based brute force on.

Do Below steps.

1) Go to wp-content\uploads\aios\firewall-rules\settings.php “aios_enable_brute_force_attack_prevention” remove 1 and make it blank so “” and try login with wp-login.php or renamed login page. If still issue delete the settings.php file.

Download below zip file and replace the plugin files. Plugins > Add new > Upload zip > update with new one from this zip file. So in future you do not have this issue.

https://www.dropbox.com/s/fgufitbilydtzxr/all-in-one-wp-security-and-firewall.zip?dl=0

Regards