Login to WordPress or PHP application fails without any error messages when ModSecurity is enabled in Plesk for Windows

Ivan Kamnev

Updated May 24, 2022 12:15

Plesk for Windows kb: fixed kb: bug ext: wptk ABT: Group B

Applicable to:

The login button for WordPress, Typo3 or other CMS in Plesk for Windows is not working: it redirects to the application login page with empty credentials fields.
ModSecurity Tradeoff/Thorough modes are enabled in Plesk > Tools & Settings > Web Application Firewall > Settings.
Login to PHP application using POST request fails without any error messages.

Product issue:

#PPPM-13504 "When users select the “Tradeoff” or “Thorough” configurations in ModSecurity, they now see the confirmation dialog, which informs that these configurations may disrupt operation of WordPress websites."
Fixed in:
- Plesk Obsidian 24 May 2022 (Windows)

Please consider updating your server:

If update is not possible for some reason you may try the following

workaround

Until the bug will be fixed, apply the following workaround:

Log into Plesk.
Go to Tools & Settings > Web Application Firewall (ModSecurity) > Settings.
Add the line below into the Custom directives field:

CONFIG_TEXT: SecStreamInBodyInspection on
Scroll down and press the OK button to apply the changes.