mwschaff
Forum Replies Created
-
Great. I really appreciate you help so much. I’m mark this as resolved.
Everything except custom login URL (which is turned off) seems to be working fine.
I see on the Brute Force/Login Whitelist “Only the addresses specified here will have access to the WordPress login page.” so that explains why I couldn’t get in without adding my new IP address.
All that remains are the questions so I better understand all this
- what caused all this?
- does this mean I should not use cookie based brute force prevention? Should I not use custom URL?
- The “Cookie based brute force login prevention” is disabled by the line I added to wp-config and also the toggle switches in the app are turned off – should I now remove the line from wp-config?
Again, thank you so much for your help
Ok – making progress. I added my IP address to Brute Force/Login Whitelist and can now get to the login page via a web page.
This whole thing has my head spinning. LOL
Further investigation seems to indicate there is no wp-admin.php in WordPress Rather the login is domaninname/wp-admin/
when i go the domainname/wp-admin/ I get
Access to mikeschaffnerphotography.com was denied
You don’t have the user rights to view this page.
HTTP ERROR 403
Thank you so much for your help.
First the good new. I added “define(‘AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION’, true);” to wp-config.php and that worked! I looked at the cookie based brute force settings and nothing seemed out of order. I also looked at lists: Locked IP addresses is empty; Permanent block list – most recent entry is beginning of January weeks before the issue started; Audit logs looked normal. In the firewall Blacklist is empty; the allow list was also empty but I’ve added my IP address.
The bad news is that while I can access the WP dashboard through my hosting service (Bluehost) I can no longer can access it directly through the web. It appears that wp-admin.php is missing. In CPanel File Manager I searched for it and although I could find a wp-admin folder there was no php file. I know I didn’t delete it.
Some questions:
- what caused all this?
- does this mean I should not use cookie based brute force prevention?
- what happened to wp-admin.php and I can I get it back?
Again thank you for your help.
Additional actions regarding htaccess file
I’ve reset the file by removing the AIOS segment as outlined in the pinned post from Tips and Trick using Option 3 – removing the lines. This did not help.
I also replaced the .htaccess with a .htaccess.backup file. This did not help either.
Additional information – I have tried the following:
Change php version from 8.3 to 8.1 – with no effect
Thinking somehow my ip address got blacklisted in AIOS (I don’t know why that would happen as there were no mulitple login attempts and deleting the plugin and reinstalling should have been a clean re-install) I tried the following
- used a VPN to get a new address – no impact
- used a VPN from another country to get a second new IP – no impact
- swapped out the router and also gave a new IP address – no impact
The only changes I made to this issue arising is plugin updates (AIOS won’t activate even with all other plugins deactivate) and writing a blog post. The issue did not surface until hours after the plugin updates.
Thank you
@hjogiupdraftplus you asked ”?if you have cleared the cache and still the comments are marked spam ?” Unfortunately the answer is I don’t know. Within wpDiscuz the is the option to “Purge Comment and User Caches” I only do that when the is a wpDiscuz plugin update as they always recommend to purge cache after updating.
With the “Detect spambots” turned on people were able to make a comment. It was just that all comments were considered spam. WP does not notify you that a spam comment was submitted so unless you happen to check the comment just sits in the spam folder. I was able to find a spam notifier plugin that notified me every time a spam comment was submitted. That is a work around the issue. For the time being I’ve turned it off and re-evaluate if too many spam comments come in. I look forward to the change in a future release. Thanks for your help.
Here is the link https://pastebin.com/8zWWrQNK
The issue is not specific to that link. All the posts on my blog allow comments. Currently the “Detect Spambots” option is turned off.
In terms of cache I use WP Fastest Cache plugin. For comments I use wpDiscuz plugin with the “Enable Cache” setting on.
Thanks for your help
Forum: Plugins
In reply to: [Twenty20 Image Before-After] 1.7.4 does NOT fix the Elementor problemThank you for the quick response. That seems to have done the job.
Forum: Plugins
In reply to: [Twenty20 Image Before-After] 1.7.4 does NOT fix the Elementor problempeterpp
I don’t know if there is download somewhere to get 1.7.3. I used a free plugin call “WP Rollback” that allows you to rollback plugins, theme updates etc. very easily.
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] AIOS preventing loginI updated the plugin using the zip file and it appears to be working fine. Thank you so much for your help. I will mark it resolved.
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] AIOS preventing loginThank you for the quick response and answer. I’ll give it a try and let you know the results