Articles in this section

See more

Login to WordPress or PHP application fails without any error messages, when ModSecurity is enabled in Plesk

Avatar
Kuzma Ivanov
Updated
Follow

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk Onyx for Linux
  • Plesk 12.5 for Windows
  • Plesk Onyx for Windows

Symptoms

  • The Log In button for WordPress instance in Plesk is not working: It redirects to WordPress login page with empty credentials fields.

  • Login to PHP application using POST request fails without any error messages.

  • ModSecurity is enabled and its configuration set to Tradeoff or Thorough mode at Tools & Settings > Web Application Firewall > Settings tab.

Causes

ModSecurity Tradeoff and Thorough modes include analysis of POST data, which breaks login mechanism.

Resolution

Apply one of the following solutions:

  • Switch ModSecurity mode to Fast at Tools & Settings > Web Application Firewall > Settings.

  • Switch ModSecurity off for a domain at Domains > example.com > Web Application Firewall.

  • Forbid ModSecurity to access request bodies (Windows Server):

    1. Connect to a Plesk server via RDP.

    2. Open the file C:\Program Files\ModSecurity IIS\modsecurity.conf in a text editor and set the "SecRequestBodyAccess" setting to "Off":

      CONFIG_TEXT: SecRequestBodyAccess Off

    3. Restart IIS web-server via a command prompt:

      C:\> iisreset

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles