Symptoms
-
The login button for WordPress, Typo3 or other CMS in Plesk is not working: it redirects to the application login page with empty credentials fields.
-
Login to PHP application using POST request fails without any error messages.
Cause
Login mechanism is broken by ModSecurity Tradeoff/Thorough modes, enabled in Plesk > Tools & Settings > Web Application Firewall > Settings. These modes include analysis of POST data that lead to changing sending packets.
Resolution
Log into Plesk and apply one of the following solutions:
- Switch ModSecurity mode to Fast on Plesk > Tools & Settings > Web Application Firewall (ModSecurity) > Settings: this mode does not include analysis of POST data.
-
Disable ModSecurity for a domain via Plesk > Domains > example.com > Web Application Firewall.
-
Forbid ModSecurity to access request bodies by setting SecRequestBodyAccess Off directive at Plesk > Tools & Settings > Web Application Firewall > Settings > Custom directives