Articles in this section

See more

Login to WordPress or PHP application fails without any error messages when ModSecurity is enabled in Plesk for Windows

Avatar
Ivan Kamnev
Updated
Follow
Plesk for Windows kb: fixed kb: bug ext: wptk ABT: Group B

Applicable to:

  • Plesk for Windows

Symptoms

  • The login button for WordPress, Typo3 or other CMS in Plesk for Windows is not working: it redirects to the application login page with empty credentials fields.
  • ModSecurity Tradeoff/Thorough modes are enabled in Plesk > Tools & Settings > Web Application Firewall > Settings.

  • Login to PHP application using POST request fails without any error messages.

Cause

Product issue:

  • #PPPM-13504 "When users select the “Tradeoff” or “Thorough” configurations in ModSecurity, they now see the confirmation dialog, which informs that these configurations may disrupt operation of WordPress websites."
    Fixed in:

Resolution

Please consider updating your server:

Workaround

If update is not possible for some reason you may try the following

workaround

Until the bug will be fixed, apply the following workaround:

  1. Log into Plesk.

  2.  Go to Tools & Settings > Web Application Firewall (ModSecurity) > Settings.

  3. Add the line below into the Custom directives field:

    CONFIG_TEXT: SecStreamInBodyInspection on

  4. Scroll down and press the OK button to apply the changes.

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles