Update V80.0.22 Broke Wordpress Admin logins?
I have 4 servers running WHM/CPANEL
2 running 80.0.20 (manual updates) All working fine.
2 auto updated to 80.0.22
The issue is that since this update NO Wordpress sites can access /wp-admin
It's hitting the wp-login.php redirect loop and timing out.
Have tried the usual, clearing cookies, renaming .htaccess
This is affecting ALL Wordpress sites on the server, so cant see it being a theme or plug in on one particular wordpress install....
Have an emergency ticket raised with support but if anyone has any ideas, would welcome them.
Thanks
-
What does the error logs say? 0 -
Nothing. The Error Log has no entries about this loop. Or not that I can see 0 -
Please check the error_log files in the account directories. 0 -
I have checked the error log files both on apache and in the users folders, there are no entries that show any error relating to WP-LOGIN.PHP redirecting. 0 -
Cause found and temp rectified. Mod_Security rule was triggering. Disabling 33302 & 33303, whilst not ideal at least means all my customers can access wordpress again... Will now try to resolve the issue with Mod_Security Vendor. But it seems the version of CPANEL IS NOT TO BLAME.. Rule ID: 33302 Name: Bruteforce RBL block Raw Rule: # Bruteforce RBL persistent storage check SecRule REQUEST_URI "/wp-login\.php|/xmlrpc\.php" "id:33302,chain,phase:2,t:none,deny,nolog,auditlog,msg:'Bruteforce RBL block||T:APACHE||MV:%{MATCHED_VAR}',tag:'i360'" SecRule IP:rbl_brute "@eq 1" 0 -
Glad that it is sorted out. 0 -
Hello @dru5412, I'd like to see if I can reproduce this issue internally. To confirm, were you using a custom Mod_Security ruleset on this server or on this account? Or, were you using the default rules from a vendor such as OWASP or Immunify360? Thank you. 0
Please sign in to leave a comment.
Comments
7 comments