Knowledge Base

Login to WordPress or PHP application fails without any error messages, when ModSecurity is enabled in Plesk

 
cmsdomainsfirewallphpplesk for linux

Symptoms

  • The login button for WordPress, Typo3 or other CMS in Plesk is not working: it redirects to the application login page with empty credentials fields.

  • Login to PHP application using POST request fails without any error messages.

Cause

Login mechanism is broken by ModSecurity Tradeoff/Thorough modes, enabled in Plesk > Tools & Settings > Web Application Firewall > Settings.  These modes include analysis of POST data that lead to changing sending packets.

Resolution

Log into Plesk and apply one of the following solutions:

  1. Switch ModSecurity mode to Fast on Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings: this mode does not include analysis of POST data.

  2. Disable ModSecurity for a domain via Plesk > Domains > example.com > Web Application Firewall.

  3. Forbid ModSecurity to access request bodies by setting SecRequestBodyAccess Off directive at Plesk > Tools & Settings > Web Application Firewall > Settings > Custom directives

    Indexable text here

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2022 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WP Toolkit
Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt