I allow one of my clients to login on the front end to do minor edits. I have been using ECC+ and Google NoCaptcha.
However he now gets a message that "The webmaster has forbidden your access to this site" ~~~/securitycheckpro.php on line 1203
What do I need to configure to allow this client to login to the front end and do minor edits?
There are three: the message on attempting to login on the front end of site, then I attempted tologin on the backend and got a similar message, then tried again to login on the backend and succeeded so the third attachment is the log file.
Last edit: 7 months 4 days ago by Jose. Reason: Avoid information disclosure
- Go to Waf configuration -> Filter exceptions -> Xss tab and set the "Filter all tags" dropdown to "No". This will avoid some false positives I see in the logs.
- The "user session protection" feature doesn't allow to be logged twice with the same account. If do you need that then go to Waf configuration -> User session protection and disable the "Forbid concurrent user logins" option.
Once thing more: the server is configured to show warnings and this could cause a path disclosure (you can see the entire path to my plugin in the third screenshot; this is why I deleted the screenshots). To avoid this on live sites you should go to System -> Global configuration -> Server tab and set the "Error reporting" dropdown no "None".