Wp-Login.php – 403 Forbidden Error Page

[Szabolcsx]

Helló!

Please help me:

I can not access wp-login.php login page.  If I delete or rename the root .htacces file via FTP then I can sign.
If the default .htacces I use a file, it will be good. But it’s not bulletproof.
If I use a bullet-proof once again .htacces file, it does not work on my site again.

“403 Forbidden Error Page

If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.”

Thank you, Szabolcs

[AITpro Admin]

Most likely this is being caused by the new Brute Force Login protection code.  We will be releasing a new version of BPS probably tomorrow.  You can manually delete  or modify this code for now. Thanks.

http://forum.ait-pro.com/forums/topic/403-error-after-upgrading-to-version-49-3/

[Szabolcsx]

Thank You!

Unfortunately I still have the same problem. The code manually replace and the 49.4 update did not correct it …onlinekampanykeszites.hu/wp-login.php

[AITpro Admin]

I checked your site and see the 403 error on the login page.  Remove the new code entirely.  Does the 403 error still occur on your login page after removing the code?

[Szabolcsx]

Thank you!

I removed this code into root file .htacces:

# BRUTE FORCE LOGIN PAGE PROTECTION
# Protects the Login page from SpamBots & Proxies
# that use Server Protocol HTTP/1.0 or a blank User Agent
RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR]
RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule ^(.*)$ - [F,L]

So good on the login page.

This is safe?

[AITpro Admin]

This code works extremely well to block hacker bots and spammer bots so we want to find something that works for everyone.  We are now trying to isolate what exactly in the code may not work for certain Hosts/Servers so that we can get some working modified code out to folks who cannot use the other code.

If you are willing to test these different modifications of the code that would be very much appreciated.

Please test this code below and let me know the results.

# BRUTE FORCE LOGIN PAGE PROTECTION
# Protects the Login page from SpamBots & Proxies
# that use Server Protocol HTTP/1.0 or a blank User Agent
RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule ^(.*)$ - [F,L]

Next test this code and let me know the results.

# BRUTE FORCE LOGIN PAGE PROTECTION
# Protects the Login page from SpamBots & Proxies
# that use Server Protocol HTTP/1.0 or a blank User Agent
RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule ^(.*)$ - [F,L]

Next test this code and let me know the results.

# BRUTE FORCE LOGIN PAGE PROTECTION
# Protects the Login page from SpamBots & Proxies
# that use Server Protocol HTTP/1.0 or a blank User Agent
RewriteCond %{REQUEST_URI} ^/wp-login\.php$
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule ^(.*)$ - [F,L]

[Szabolcsx]

Unfortunately, none of them is not a good code …

[AITpro Admin]

Oh well.  It was worth a try.  Unfortunately, on your Server you cannot use the Brute Force Login protection code.  This code is designed to block hacker bots and spambots that use Server Protocol HTTP/1.0 so unfortunately your Server does not allow using this code.  Thanks for trying.  Very much appreciated.

[Author]

Posts