siddigsami

any one ?

Hi @siddigsami,
Thanks for the suggestion.
The main problem in this case is that the cookie based feature is blocking people at the Apache level, ie, via .htaccess. Therefore we cannot use the solution you kindly offered together with the cookie brute force feature because the user will be blocked before any PHP code is executed.

sorry , i just got you ??

• This reply was modified 7 years, 8 months ago by siddigsami.

Hi @wpsolutions
any solution yet?

The main issue is that if we let bbpress members get past the cookie brute force apache blocking, they will inherently have access to the normal WordPress backend login page and we don’t want anyone except WP admins and users to have access to that page because then they will have the opportunity to attempt brute force attacks – which defeats the purpose of this feature.

as i said we can block access to the wp-admin from subscriber by this code

* Redirect back to homepage and not allow access to
 * WP backend for Subscribers.
 */
function rkk_redirect_admin(){
    if ( ! current_user_can( 'edit_posts' ) ){
        wp_redirect( site_url() );
        exit;
    }
}
add_action( 'admin_init', 'rkk_redirect_admin' );

there`s a role in the plugin that block login if the user name was not in the database
then it possible to check user name on database
if so , i think there`s way to check if the user had “Subscriber” Role then we will exclude hem from cookie based brute force , and we can make hem login directly in bbpress , ofcourse after preventing hem from accessing wp-admin by the above code

• This reply was modified 7 years, 8 months ago by siddigsami.

sorry, duplicated replay ??

@wpsolutions Thank you for your response , I appreciate it
i suggest considering the following solution
the Cookie Based Brute Force prevent unknown login attempt
so the login attempt of the subscriber of the bbpress sound like a known attempt
we want to make the subscriber login to the forum from bbpress login , and we dose`t want him access the wp-admin

the following code From do so :

https://codex.bbpress.org/layout-and-functionality-examples-you-can-use/#25-restricting-user-access-to-the-wordpress-backend

* Redirect back to homepage and not allow access to
 * WP backend for Subscribers.
 */
function rkk_redirect_admin(){
    if ( ! current_user_can( 'edit_posts' ) ){
        wp_redirect( site_url() );
        exit;
    }
}
add_action( 'admin_init', 'rkk_redirect_admin' );

if there is way to make the Cookie Based Brute Force accept the subscriber as known login attempt and exclude it by checking the login if it is from subscriber then passing it and redirect the subscriber to the forum if the login attempt happened from the bbpress login page and also prevent him from accessing the wp-admin , if it`s not a subscriber ( unknown user ) then we block him .

• This reply was modified 7 years, 9 months ago by stephencottontail.
• This reply was modified 7 years, 9 months ago by siddigsami.
• This reply was modified 7 years, 9 months ago by siddigsami.

Thank You @mbrsolution please let`s me know .

no i didn`t change it , it was pointed to https://127.0.0.1 .
i believe that the Cookie Based Brute Force redirect all login attempt that was happen from outside the secret page (eg. wp-admin – bbpress login ) .
in bbpress it check the login if the login happened from the secret page then it`s ok , if not then it redirect the login attempt to the https://127.0.0.1 .
what can i do to make successful login from bbpress login page to the forum while the Cookie Based Brute Force is activated ???