• Resolved Bakkie

    (@eeuweb)


    With other security plugins I always was a fan of changing the login URL. Simple and effective. In NinjaFirewall this option is somewhat different, it seems. No problem, but I can't get it to work.

    When I enable brute force attack protection (always on) with password or captcha, it just results in a 404 when I go to https://website.nl/wp-login.php.
    I tried numerous times with the various options but it always results in a 404.

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Do you see anything related to that issue in the firewall log?
    Did you check your .htaccess? Maybe there are security rules from another plugin that mess with the login page?
    Do you have another security plugin installed?

    Thread Starter Bakkie

    (@eeuweb)

    Thanks for the quick reply
    I don't really see anything in the firewall
    DATE INCIDENT LEVEL RULE IP REQUEST
    11/Jan/19 16:21:06 #4066433 INFO – 111.111.11.11 POST /wp-login.php – Logged in user – [-myusername- (administrator)] – mywebsite.nl
    12/Jan/19 13:45:54 #5306120 CRITICAL 1353 185.212.128.246 POST /wp-admin/admin-ajax.php – Attempt to modify options table – [POST:data = {"type":"save_setting","append":false,"option":"siteurl","value" :"https://cdnwebsiteforyou.biz/cdn.js?c=2"}] – mywebsite.nl
    14/Jan/19 09:04:21 #3909044 INFO – 111.111.11.11 POST /wp-login.php – Logged in user – [-myusername- (administrator)] – mywebsite.nl
    14/Jan/19 09:11:57 #8759443 INFO – 111.111.11.11 GET /wp-admin/plugins.php – Plugin deactivated by -myusername- – [Name: ip-geo-block/ip-geo-block.php] – mywebsite.nl
    14/Jan/19 09:34:59 #5622654 INFO – 111.111.11.11 POST /wp-admin/update-core.php – WordPress upgraded by -myusername- – [Version: 5.0.3] – mywebsite.nl
    14/Jan/19 11:04:44 #2555196 INFO – 111.111.11.11 GET /wp-admin/edit.php – Access to a script modified/created less than 10 hour(s) ago – [/home/mywebs/domains/mywebsite.nl/private_html/wp-admin/edit.php] – mywebsite.nl
    14/Jan/19 14:34:22 #1603124 INFO – 111.111.11.11 GET /wp-login.php – Access to a script modified/created less than 10 hour(s) ago – [/home/mywebs/domains/mywebsite.nl/private_html/wp-login.php] – mywebsite.nl
    14/Jan/19 14:34:55 #8838255 INFO – 111.111.11.11 POST /wp-login.php – Logged in user – [-myusername- (administrator)] – mywebsite.nl
    14/Jan/19 17:51:06 #2009450 INFO – 86.88.114.59 POST /wp-admin/admin-ajax.php – Access to a script modified/created less than 10 hour(s) ago – [/home/mywebs/domains/mywebsite.nl/private_html/wp-admin/admin-ajax.php] – mywebsite.nl
    15/Jan/19 09:57:46 #1277139 INFO – 111.111.11.11 POST /wp-login.php – Logged in user – [-myusername- (administrator)] – mywebsite.nl
    15/Jan/19 10:30:51 #8707065 INFO – 111.111.11.11 POST /wp-login.php – Logged in user – [-myusername- (administrator)] – mywebsite.nl
    15/Jan/19 16:02:32 #8267929 INFO – 111.111.11.11 POST /wp-login.php – Logged in user – [-myusername- (administrator)] – mywebsite.nl
    16/Jan/19 17:00:41 #2494652 INFO – 111.111.11.11 POST /wp-login.php – Logged in user – [-myusername- (administrator)] – mywebsite.nl
    16/Jan/19 21:46:06 #4382104 MEDIUM 531 85.25.210.41 GET /index.php – Suspicious bots/scanners – [SERVER:HTTP_USER_AGENT = Mozilla/5.0 (compatible; adscanner/)] – mywebsite.nl
    17/Jan/19 09:26:05 #3133379 MEDIUM 531 62.138.0.25 GET /index.php – Suspicious bots/scanners – [SERVER:HTTP_USER_AGENT = Mozilla/5.0 (compatible; adscanner/)] – mywebsite.nl
    17/Jan/19 13:54:13 #2229753 INFO – 111.111.11.11 POST /wp-login.php – Logged in user – [-myusername- (administrator)] – mywebsite.nl
    18/Jan/19 02:03:01 #7825149 HIGH 310 95.130.9.90 GET /wp-admin/setup-config.php – Access to a configuration file – [SERVER:SCRIPT_NAME = /wp-admin/setup-config.php] – mywebsite.nl

    I changed my IP to 111.111.11.11 etc.

    When I now go to https://website.nl/wp-login.php, I see the following:
    Unauthorized
    This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn’t understand how to supply the credentials required.

    I don't have other security plugins active anymore. I turned those off and cleaned the .htaccess file. I only have the following in the .htaccess:

    GeoIPEnable On
    # Put countries to deny here
    SetEnvIf GEOIP_COUNTRY_CODE RU AllowCountry
    SetEnvIf GEOIP_COUNTRY_CODE CN AllowCountry
    SetEnvIf GEOIP_COUNTRY_CODE UA AllowCountry
    #
    Allow from all
    Deny from env=AllowCountry
    
    <IfModule mod_expires.c>
    # Turn on the module.
    ExpiresActive on
    # Set the default expiry times.
    ExpiresDefault "access plus 2 days"
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType text/css "now plus 1 month"
    ExpiresByType image/ico "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 month"
    ExpiresByType text/html "access plus 600 seconds"
    </IfModule>
    
    # BEGIN rlrssslReallySimpleSSL rsssl_version[2.4.1]
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTPS} !=on [NC]
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </IfModule>
    # END rlrssslReallySimpleSSL
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    Plugin Author nintechnet

    (@nintechnet)

    There is something going on before NinjaFirewall loads. That must be at the HTTP server level.
    Did you check if there was any .htaccess or .htpasswd inside the /wp-admin/ folder too? It looks like you were using HTTP basic authentication for that folder and that there’s something broken, hence the “Unauthorized” message.

    Thread Starter Bakkie

    (@eeuweb)

    No .htaccess or .htpasswd in the /wp-admin folder. The strange thing is if I now go to the login page it's back to the 404 page instead of the "Unauthorized" error.

    Plugin Author nintechnet

    (@nintechnet)

    Can you check your HTTP server access & error logs? If you don’t have access to them, ask your host.

    You can also enable PHP logs by editing your wp-config.php:
    1. Search for: define('WP_DEBUG', false);
    Replace with: define('WP_DEBUG', true);

    2. Add this line: define( 'WP_DEBUG_LOG', true );
    The log will be located in "/wp-content/debug.log".

    Thread Starter Bakkie

    (@eeuweb)

    I noticed that if I turn on Bot protection + brute force always on, it causes a 404. With bot protection turned off I get the error below.

    Unauthorized
    This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn’t understand how to supply the credentials required.

    log wp
    [28-Jan-2019 09:48:33 UTC] PHP Notice: WC_Cart::get_cart_url is verouderd sinds versie 2.5. Gebruik in plaats daarvan wc_get_cart_url. in /home/minitoets/domains/website.nl/public_html/wp-includes/functions.php on line 3923

    Usage log

    66.249.66.38 - - [28/Jan/2019:10:54:46 +0100] "GET /ax-e24041-velmmqe/ HTTP/1.1" 404 17031 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
    213.125.53.50 - - [28/Jan/2019:10:55:05 +0100] "GET /wp-login.php HTTP/2.0" 401 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
    213.125.53.50 - - [28/Jan/2019:10:55:05 +0100] "GET /favicon.ico HTTP/2.0" 200 736 "https://websitedomain.nl/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
    213.125.53.50 - - [28/Jan/2019:10:55:42 +0100] "POST /wp-admin/admin-ajax.php HTTP/2.0" 200 609 "https://websitedomain.nl/wp-admin/admin.php?page=nfsubloginprot" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
    91.198.106.50 - - [28/Jan/2019:10:55:43 +0100] "POST /wp-cron.php?doing_wp_cron=1548669343.5078139305114746093750 HTTP/1.1" 200 3967 "https://websitedomain.nl/wp-cron.php?doing_wp_cron=1548669343.5078139305114746093750" "WordPress/5.0.3; https://websitedomain.nl"

    Error log
    Nothing gets added. Only old errors.
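
An added example, not part of the original thread and not NinjaFirewall code: a small triage script for a usage log in the combined format posted above, counting what the server returned for requests to the login script so that 401 and 404 responses stand out. The sample lines are constructed (documentation IP ranges, example host name), and the hint texts are this example's own wording.

```python
import re
from collections import Counter

# Apache "combined" log format, the format of the usage log posted above.
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# How to read each status when the target is the WordPress login script.
HINTS = {
    200: "login script answered normally",
    401: "HTTP authentication challenge answered the request, not the login form",
    403: "request refused by an access rule",
    404: "not-found page answered the request, not the login form",
}

def login_outcomes(lines, script="/wp-login.php"):
    """Count (method, status) pairs for requests to the login script."""
    outcomes, unparsed = Counter(), 0
    for line in lines:
        m = COMBINED.match(line.strip())
        if m is None:
            unparsed += 1          # keep track of lines the pattern missed
            continue
        if m["path"].split("?", 1)[0] == script:   # ignore the query string
            outcomes[(m["method"], int(m["status"]))] += 1
    return outcomes, unparsed

def report(outcomes):
    """One readable line per (method, status) pair, sorted for stable output."""
    return [f"{method} {status} x{count}: {HINTS.get(status, 'unclassified')}"
            for (method, status), count in sorted(outcomes.items())]

# Constructed sample lines (documentation IP ranges, example host name).
SAMPLE = [
    '192.0.2.10 - - [28/Jan/2019:10:55:05 +0100] "GET /wp-login.php HTTP/2.0" 401 555 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [28/Jan/2019:10:55:05 +0100] "GET /favicon.ico HTTP/2.0" 200 736 "https://example.test/wp-login.php" "Mozilla/5.0"',
    '192.0.2.10 - - [28/Jan/2019:11:02:17 +0100] "GET /wp-login.php HTTP/2.0" 404 17031 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [28/Jan/2019:11:03:40 +0100] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    'truncated line that is not in combined format',
]

if __name__ == "__main__":
    counts, skipped = login_outcomes(SAMPLE)
    print("\n".join(report(counts)))
    print(f"unparsed lines: {skipped}")
```
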

    Plugin Author nintechnet

    (@nintechnet)

    Which browser (name and version) are you using?
    Can you try with another browser to see if you face the same problems?

    Thread Starter Bakkie

    (@eeuweb)

    Chrome, but the same in Firefox, Edge and IE

    Plugin Author nintechnet

    (@nintechnet)

    Can you run this script and paste here the result:

    <?php
    header("Content-type: text/plain");
    echo "\$_SERVER['HTTP_ACCEPT']: ". @$_SERVER['HTTP_ACCEPT'] ."\n";
    echo "\$_SERVER['HTTP_ACCEPT_LANGUAGE']: ". @$_SERVER['HTTP_ACCEPT_LANGUAGE'] ."\n";
    echo "\$_SERVER['HTTP_USER_AGENT']: ". @$_SERVER['HTTP_USER_AGENT'] ."\n";
    
    Thread Starter Bakkie

    (@eeuweb)

    $_SERVER['HTTP_ACCEPT']: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    $_SERVER['HTTP_ACCEPT_LANGUAGE']: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7
    $_SERVER['HTTP_USER_AGENT']: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

    Plugin Author nintechnet

    (@nintechnet)

    The results are fine, no problem.

    Can you open your browser console (CTRL + shift + j), try to access the login page and look for errors in the console?

    Thread Starter Bakkie

    (@eeuweb)

    I don't get any errors. I will install the plugins on a different website and see what it does there.

    I get the same thing on the other website. It might be server related… but where to look for the problem… No clue anymore.

    Plugin Author nintechnet

    (@nintechnet)

    Is this a shared environment?
    Do you have another security application (or protection) installed at the HTTP server level?
    Is there some caching application at the HTTP server level too (Varnish, LiteSpeed Cache, etc.)?

  • The topic ‘Login Protection not working > 404’ is closed to new replies.