If you see entries like the following in the Apache error log file:
[Mon Jan 04 11:18:06.482286 2021] [:error] [pid 13340:tid 47768530953948] [client 1.2.3.4:0] [client 1.2.3.4] ModSecurity: Access denied with redirection to https://imunify-alert.com/compromised.html?SN=example.com&SP=8443&RFR=&URI=/wp-login.php&cms_name=wordpress&version=1 using status 302 (phase 2). Matched phrase "/0000/" at TX:wp_passwd. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_2_bruteforce.conf"] [line "97"] [id "33355"] [msg "IM360 WAF: WordPress login weak password||T:APACHE||NAME:user||User:user||"] [severity "NOTICE"] [tag "service_i360"] [hostname "example.com"] [uri "/wp-login.php"] [unique_id "X-LrXhEqW23wfUkXqwb@hgBBAA0"]
This means that WordPress Account Compromise Prevention is working for the domain example.com hosted on the server.
The WordPress Account Compromise Prevention feature is intended to enforce password complexity for the WordPress user interface only.
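To see which sites and logins are triggering this rule, the error log can be filtered on the rule id from the entry above. The following is an added example, not part of the original article or of Imunify360 itself; the function names are hypothetical, and the NAME and User values from the msg field are returned as-is because the article does not define them.

```python
import re
from collections import Counter

RULE_ID = "33355"  # rule id taken from the log entry shown in the article

# ModSecurity metadata fields have the form [name "value"]
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# Client address in IPv4 form, as in the article's entry
CLIENT_RE = re.compile(r'\[client (\d{1,3}(?:\.\d{1,3}){3})')

def parse_weak_password_hit(line):
    """Return a dict for a weak-password hit, or None for any other line."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    if fields.get("id") != RULE_ID:
        return None
    # msg looks like "text||K:V||K:V||"; keep the K:V parts
    parts = fields.get("msg", "").split("||")
    meta = dict(p.split(":", 1) for p in parts[1:] if ":" in p)
    client = CLIENT_RE.search(line)
    return {
        "hostname": fields.get("hostname"),
        "uri": fields.get("uri"),
        "name": meta.get("NAME"),
        "user": meta.get("User"),
        "client": client.group(1) if client else None,
    }

def summarize(lines):
    """Count hits per (hostname, user) so affected logins can be contacted."""
    hits = (parse_weak_password_hit(l) for l in lines)
    return Counter((h["hostname"], h["user"]) for h in hits if h)

# First line: the entry from the article. Second line: constructed, unrelated.
SAMPLE_LINES = [
    '[Mon Jan 04 11:18:06.482286 2021] [:error] [pid 13340:tid 47768530953948] [client 1.2.3.4:0] [client 1.2.3.4] ModSecurity: Access denied with redirection to https://imunify-alert.com/compromised.html?SN=example.com&SP=8443&RFR=&URI=/wp-login.php&cms_name=wordpress&version=1 using status 302 (phase 2). Matched phrase "/0000/" at TX:wp_passwd. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/002_i360_2_bruteforce.conf"] [line "97"] [id "33355"] [msg "IM360 WAF: WordPress login weak password||T:APACHE||NAME:user||User:user||"] [severity "NOTICE"] [tag "service_i360"] [hostname "example.com"] [uri "/wp-login.php"] [unique_id "X-LrXhEqW23wfUkXqwb@hgBBAA0"]',
    "[Mon Jan 04 11:19:00.000000 2021] [core:notice] [pid 13340] AH00094: Command line: '/usr/sbin/httpd'",
]

if __name__ == "__main__":
    for (host, user), count in summarize(SAMPLE_LINES).items():
        print(f"{host}\t{user}\t{count}")
```
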
1. Let's assume the customer created the domain example.com and installed WordPress there. They used the following credentials to access the admin interface:
user
qwerty
The credentials can be guessed easily, and this website will soon be compromised.
2. Once the WordPress Account Compromise Prevention feature is enabled, the password does not change automatically. However, when the owner of the 'example.com' website attempts to log in with the password 'qwerty', they will be redirected to a separate page and advised to change the password.
To sum it up:
- The user will be aware that it is recommended to change the WordPress password. *
- The password will not be changed automatically.
- The feature applies only to weak WordPress passwords. It does not track weak cPanel / FTP passwords.
You can find more information on the WP ACP setup here.
* If you don't have access to your WordPress admin email and thus the Lost your password? option cannot be used, please reset your password
- via wp-cli or
- directly in the database (with the help of a tool like phpMyAdmin).