Requests to wp-login.php are strictly prohibited

  • Hello again. In reference to the function towards the end of the main settings, i wonder if this is working properly because when it is activated, the currently logged in user cannot sign out – logging out requires a call to wp-login.php and that appears to be denied

    Your documentation suggests this is only effective when a custom login page has been set, in which case maybe this option should only be selectable once the custom login is set?

    Also completely on-topic, the configuration item earlier in the list “Processing wp-login.php authentication requests” gives a drop-down of possible values which you explain clearly in your docs, but there is no mention of the previous one (only in this page)

    Are these two options related or overlapping?

    Many many thanks

    FYI: I am running WP Cerber Security 9.5.3. in the Standard mode. Redis object cache is active and love and depend on your plugin very much!!

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi there!

    Check if you’re facing a cache issue, possibly caused by a plugin or your server. Are there any logs in the debugger?

    Plugin Author gioni

    (@gioni)

    Your documentation suggests this is only effective when a custom login page has been set, in which case maybe this option should only be selectable once the custom login is set?

    No. It’s because a website admin can use another plugin to create a custom login URL.

    Also completely on-topic, the configuration item earlier in the list “Processing wp-login.php authentication requests” gives a drop-down of possible values which you explain clearly in your docs, but there is no mention of the previous one (only in this page)

    They are not directly related. If “Requests to wp-login.php are strictly prohibited” is enabled, WP Cerber blocks an IP address after any request to wp-login.php. This indeed prevents anyone from being authorized. However, the primary aim of this feature is to block malicious IP addresses in a more proactive and aggressive manner. It assumes that a website doesn’t have any links to wp-login.php. Regrettably, this is not always true as some developers still hard-code wp-login.php into their themes and plugins.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Requests to wp-login.php are strictly prohibited’ is closed to new replies.