- Plesk for Linux
- Plesk for Windows
The Log In button for WordPress, Typo3 or other CMS in Plesk is not working: it redirects to application login page with empty credentials fields.
Login to PHP application using POST request fails without any error messages.
ModSecurity is enabled and its configuration set to Tradeoff or Thorough mode in Plesk > Tools & Settings > Web Application Firewall > Settings.
ModSecurity Tradeoff and Thorough modes include analysis of POST data, which breaks a login mechanism.
Log into Plesk and apply one of the following solutions:
Switch ModSecurity mode to Fast on Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings: this mode does not include analysis of POST data.
Disable ModSecurity for a domain via Plesk > Domains > example.com > Web Application Firewall.
Forbid ModSecurity to access request bodies (Windows Server only):
Connect to the server via RDP.
Open the file
C:\Program Files\ModSecurity IIS\modsecurity.confin a text editor and set the SecRequestBodyAccess setting to the Off value:
CONFIG_TEXT: SecRequestBodyAccess Off
Restart IIS webserver via a command prompt: