wp-admin and single product page redirects to 127.0.0.1

Hi @svenpeter,

In extra of cookie base brute force below are some other reason the user gets redirected 127.0.0.1 but if it is issue for accessing wp-admin mostly it is cookie based brute force.

1. User IP is blocked

2. If AIOS premium installed and country blocking on with redirect 127.0.0.1 and if visited from that country.

3.404 lockouts

4. Honey pot enabled.

I can see the login page loads with htaccess username and password.

Do the issue is after you enter the correct username and password?

Can you please try access with another network where IP is changed and hope it allows you login if your IP blocked.

define(‘AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION’, true) in wp-config.php please add this also to make sure it is not cookie based brute force.

Regards

Hi,
Thank you for your fast reply, that is helpful.
Well, from the list you have above, I can let you know the following:
1. Yes we have some IP blocks in the htacess (made from lists of visitors with bad intent – but our IP is not in the list). Should I try to remove the complete list from the htacess?
2. AIOS premium – I do not think we have this, we only have the All In One WP Secutriy version 5.1.8.
3. 404 lockouts, I do not what you mean on this, but I do get into the wp-admin page when using incognito Thor browser. I also get into single product pages (which is a problem in Safari and for some customer visitors)
4. Honey Pot was enabled, I have now removed this, but there is no change (I tried cleaning cache first).
5. Yes, we do have a first line of password and user name, this we normally do not have to insert as a regular visit. But now we do not even get to this, as as soon as I enter the address to the wp-admin page, we get the 127.0.0.1 fault.
6. How do I try to log in from another IP (or change IP), I do not know how to test this right now I think.
7. I got help from our web hotel to change the line in the wp-config.php, this did not help.
Many thanks for further advice to find a solution please.
Best regards, Peter

Hi @svenpeter

IF I try access the wp-admin it shows me login page do not redirects to 127.0.0.1 https://www.toplift.se/wp-login.php it loads so please cross check try access that hope it is not the cache issue in your local.

https://snipboard.io/yQI2FJ.jpg

Please take backup of htaccess file and Yes you can try disable the Blocked IPs form htaccess, you should remove all code between below two lines and try

“BEGIN All In One WP Security”
“END All In One WP Security”

Also if still issue rename the plugin folder “all-in-one-wp-security-and-firewall” to “all-in-one-wp-security-and-firewall-old” /wp-content/plugins/all-in-one-wp-security-and-firewall, It will deactivate the plugin and you can make sure it is the all in one security plugin making issue.

Regards

Hi,
Thanks for your reply. Well, the first point was kind of expected, as also I can reach it using the incognito browser. So, this issue apparently only happens to some visitors and not all.

OK, I will remove all the IP blocks to see if that helps (will give access to a lot of visitors we do not like though).

Yes, it that does not work, I will try also to deactivate.
Will get back to you with information.

Many thanks. Peter

Hi again,
Sorry, should I also try to remove everything from the START to END All in one WP Security in the htacess? Would I then not loose all my settings? I do not think I can remember every setting I made in the plugin…
Many thanks Peter

Hi @svenpeter

You should take back up of htaccess first and as said once removed it should be added back again. It is just to cross check that blocked IP in htaccess is not the issue.

IF you remove the code in htaccess it will not remove the settings you saved it is in DB. Htaccess file rules will be written again you have to deactivate and activate the plugin again.

• This reply was modified 1 year, 6 months ago by hjogiupdraftplus.

Hi,
I tested to remove all the manual IP-numbers now that were on deny. There is no change, I can still visit the web page on many pages, but not the wp-admin page and not the singel product page (I would have thought that IP block does prevent anyone to enter anywhere on the site, not just these two pages? Anyways, it still appear this way.

Just so I understand you correct, you now want me to remove all information in the htacess (I have a backup) and upload to the FT?

Then you would you want me to change name of the folder (to inacitavet plugin) – would this also be possible from the admin panel, just inactivate the plugin?

And is it necessary to first remove the information in the htaccess?

Final questions, I understand you expect the program to insert the information I remove again into the htaccess?

Just so I know what to expect and in what order to do things (and if I should change name or use the admin panel to inacitvate).

Many thanks. Peter

Hi @svenpeter

No it is not required to remove information from htaccess right now.

Rename the plugin folder “all-in-one-wp-security-and-firewall” to “all-in-one-wp-security-and-firewall-old” /wp-content/plugins/all-in-one-wp-security-and-firewall,

It will make plugin code inactive and please try login If it works you are logged in now.

Rename folder back to the “all-in-one-wp-security-and-firewall” and let me know. ( Issue will be back on rename folder )

Regards

Hi,
Thank you. Tested this now. It works just as you say. When I rename the folder, I can log in again. When I put the name back, it creates the same issue again.
What to do now?
Many thanks in advance. Peter

Hi @svenpeter

Please cross check {db_prefix}aiowps_permanent_block table in database and if it has your IP address please remove it.

Regards

Hi,
Well, I will try to check this in just a moment. But, this is a little worrying perhaps (if this is the case), then for the other customers that has gotten back to me that have experienced the same issue, do you mean there is a risk that many (just how many) customers have neen inserted in our database as IP-block – that would NOT be a good thing…!
But I will first try to see if my IP (if constant) is in the database.
Best regards, Peter

Hi,
I have now checked the list of permanent blocks in the database, only 10 of them at the moment, mine current is not on the list.
However, I also get an error message when going into the database. I. can show this to you, but only if I know it is a secure thread this (or if you want to send secure section to provide info in). I do not know if this error message have an effect on what we are now investigating?
Many thanks in advance. Peter

Hi @svenpeter

Redirect 127.0.0.1 is might be due to the blocked IP please cross changing its value a bit.

Also you can share that info using https://pastebin.com/ burn after read. So can be read only once.

Hi,
I am sorry, I do not undertand the first part in your answer, please explain a little more what to do.

The second part is no issue now, I got help from the web hotel to solve this. So does not effect this, and is no longer an issue.

Many thanks for getting back to me.

Best regards, Peter

Hi @svenpeter

Redirect 127.0.0.1 is might be due to the blocked IP please cross changing its value a bit. so blocked IP is 2401:4800:1f2f:1e63:5885:9887:f41b:b357 you may change it to 1401:4800:1f2f:1e63:5885:9887:f41b:b357 and if
127.160.121.94 change it to 117.160.121.94

As you are saying your IP is not in list and still you are being redirected to 127.0.0.1 want to make sure correct IP detection is there.

Regards