Hello,
I’v migrated my site to another hosting provider (cloud hosting). Since then I can not activate the brute force protection functionality. In the previous hosting (shared one), the plugin funtionality was working good.
Now the plugin does a compatibility test and then it ends with the “No response from server” error message.
Having read your foro, It seems the issue could be related to the rewrite rules.
Some background in case it can help:
- WordPress is installed in a subfolder “public_html/subfolder/”, where the wp-config.php is located.
- There are .htaccess files in both the subfolder and in the root public_html.
Thanks for your work in the plugin and your support,
Miquel
Does your new server run nginx or apache? rewrite rules only work in apache so my brute-force patch does not work in nginx.
The main server is running Apache. There’s asecondary nginx server for static files.
In case it can help understanding the scenario, below a link with a screenshot of the active services running in the cloud server.
https://drive.google.com/file/d/0B8ZDp_ulQ7nyTjkycFBuYkJRQnM/view?usp=sharing
Thanks.
Check your browser’s Error Console to see if there are any JavaScript errors on the page when you get the “No response from server” error message. Then check your servers’s error_log files to see if there is any indication as to what exactly is not working right.
The borwser console is printing this error:
Refused to execute script from ‘https://keyelp.com/xxxxxxx/wp-content/plugins/gotmls/images/gotmls.js?SESSION=0′ because its MIME type (‘image/gif’) is not executable.
I’ve checked the folder and there is no gotmls.js located in this directory .
I hope this info can help.
Thanks
Yes, there is no gotmls.js located in that directory, but there is a rewrite rule in the .htaccess file that is in that directory which should allow it to generate dynamic JavaScript content (not “image/gif” content).
Can you test something for me? Can you make a new file called test.php in that same directory and put this code in that file:
REQUEST_URI=
< ?php echo htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES); ?>
Then call up that file in your browser and tell me what it says?
Seems to work OK:
REQUEST_URI= /sp/wp-content/plugins/gotmls/images/test.php
Screenshot attached:
https://drive.google.com/open?id=0B8ZDp_ulQ7nyUFVEa0FyU2NDTWc
For your information, in case it could be related with this issue, I had to change the directory permissions and ownership, to be able of uploading (ftp) the test.php file.
Does it make sense to uninstall and reinstall the plugin??
Thanks,
That does seem to work as I expected, so I’m not really sure why the rewrite is not working correctly.
The next step would be to put this code in your test.php file:
< ?php
if (preg_match('|(.*?/gotmls\.js\?SESSION=0)|', GOTMLS_script_URI, $match))
print_r(array(GOTMLS_script_URI=>$match));
else
print GOTMLS_script_URI;
?>
I tried this script, but it seems the constant GOTMLS_script_URI is not defined.
The script is printing it as a string. See screenshot with PHP error messages:
https://drive.google.com/open?id=0B8ZDp_ulQ7nyS1h4NG96VmphSUk
I’ve taken the initiative to do a further test, by pasting the small script at the end of the index.php file . I’m assuming the constant is defined in this file. When calling the modified index.php file, a small square was printed at the top left side where before it used to print a small GOTMLS logo.
I’ve reverted the change. Still the small square is printed. Below a link to the screenshot with the square, just in case it has any importance…
https://drive.google.com/open?id=0B8ZDp_ulQ7nyTE9QWHhMWndXbzg
Thanks
Ah, yes. Now try changing the .htaccess file in that directory so that it redirects to test.php instead on index.php and then call up that gotmls.js path in your browser.
I’ve changed the htacces a per your indications, and the same php message was printed. ?undefined constant’ (screenshot attached).
https://drive.google.com/file/d/0B8ZDp_ulQ7nyaWFFZjBTMkIteVk/view?usp=sharing
Again I’ve done a furtehr test. Now I’ve copied your script followed by an ‘exit;’ instruction above line 94 of the index.php file, where I’ve seen you’re checking the content of this constant. This time it printed:
/sp/wp-content/plugins/gotmls/images/gotmls.js&mt=1474278354.9215
screenshot:
https://drive.google.com/file/d/0B8ZDp_ulQ7nyeXhRNDI5aFRXVVE/view?usp=sharing
Hope it helps. Thanks.
I am not getting that same result so I think you must have put more code in there from the index.php file. I am trying to debug and isolate the exact conditions that are not being met for the if statement to produce that error you are getting. Would it be possible for you to create an admin login for me so that I can login to this site and debug the code in-place?
If so, You can email the login details dorectly to me: eli AT gotmls.net
Hello,
Somedays ago, I sent by email the credentials to go into the site.
Did you receive it and manage to check the issue yet?
One more question. Can the brute forze protection be enabled on other login pages, apart from the default wp-login.php?
I mean, my site has another login page (deployed by the Woocommerce plugin). Is there a way to configure GOTMLS to protect this other page too?
Thanks.
Hello again,
Did you have the chance to check it yet?
If you think you’re not going to do it in the near futre, let me know, as I would remove the sever clone. It’s been created just for this test and it’s costing some money.
Regarding my question above: “Can brute forze protection be enabled for other login pages?” If the answer is not, as I think it is, then I’d probaly just block the access to wp-login.php, as the normal user flow is registering on other forms in the website.
I’d then use the plugin for virus scannning and forget about brute force.
Thanks,
Miquel
I have spent quite some time debugging multiple issues on this test site that you gave me access to. First, I found that some of the rules in your .htaccess files were preventing the rewrite rule in my plugin directory from working properly. After fining a workaround for that problem I found that your server was not able to save and retrieve a session file. The directory where session files are stored has the following permissions: drwx-wx-wt
