Mod_Sec Still Disabling Login
I have gone through all of the steps included on the article describing how to lock down a WordPress site, including running all of our traffic through CloudFlare. Also, I have disabled Mod_Sec, through the Cpanel, but I still get locked out sometimes when logging in using the "Wordpress Social Login Plugin".
I don't understand why the security package is still in place if I have gone through the steps to disable it. Any ideas what might be going on?
Our site is www2.ywammontana.org
I don't understand why the security package is still in place if I have gone through the steps to disable it. Any ideas what might be going on?
Our site is www2.ywammontana.org
Thanks for the question and sorry for the continuing login issues iwht WordPress. We investigated it and found that the subdomain "ww2.ywammontana.org" was still being covered by the modsec rules. Even though you turned it off for the domains, the apache server was not recognizing it as being turned off for that particle URL. I spoke with one our systems people who verified this and has applied an exception rule so that the subdomain is no longer affected the modsec rules. This should take care of your problem.
Make sure to clear your browser cache and then test it again. If you continue to have issues with it, please let us know.
Have a great weekend!
Arnel C.