On October 19, 2021, we have enabled single-sign-on for our Plesk Support Center to provide a seamless login/account experience. This implies that you’ll be able to use a single account across any of our web-facing properties.
If you had already registered your account at Plesk 360 (formerly known as My Plesk) please use one for login. Otherwise please re-register it using the same email address as your existing Zendesk login (support account). It’s essential that you use the same email address on our support center to ensure that your tickets stay attached to the same account.

Articles in this section

See more

Login to WordPress or PHP application fails without any error messages, when ModSecurity is enabled in Plesk

Avatar
Stefan Yakubov
Updated
Follow
Plesk Obsidian kb: technical ext: wptk ABT: Group B

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • The login button for WordPress, Typo3 or other CMS in Plesk is not working: it redirects to the application login page with empty credentials fields.

  • Login to PHP application using POST request fails without any error messages.

Cause

Login mechanism is broken by ModSecurity Tradeoff/Thorough modes, enabled in Plesk > Tools & Settings > Web Application Firewall > Settings.  These modes include analysis of POST data that lead to changing sending packets.

Resolution

Log into Plesk and apply one of the following solutions:

  1. Switch ModSecurity mode to Fast on Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings: this mode does not include analysis of POST data.

  2. Disable ModSecurity for a domain via Plesk > Domains > example.com > Web Application Firewall.

  3. Forbid ModSecurity to access request bodies by setting SecRequestBodyAccess Off directive at Plesk > Tools & Settings > Web Application Firewall > Settings > Custom directives

    Indexable text here

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles