WP Cerber prevents Ajax Login

WPStylish_Admin · December 4, 2024, 7:01am

Hi,

When I use WP Cerber with a plugin that is having Ajax Login, such as WP Nextend Social Login, and Madara (a manga theme & plugin), the login function breaks.

These lines do not work in Ajax call

wp_set_current_user ( $user->ID, $user_data['user_login'] ); // Set the current user detail
wp_set_auth_cookie  ( $user->ID ); // Set auth details in cookiedo_action( 'wp_login', $user->user_login, $user );

I have tested:

If I disable WP Cerber plugin, the login works
If I enable WP Cerber plugin, and use the above code in a test request (non-ajax), it works

So it is WP Cerber to prevent ajax user login. How can I fix this?

Thanks a lot

Garry · December 6, 2024, 9:29am

Before setting the current user and the associated cookies, make sure to authenticate the user using wp_signon(). If the authentication process is skipped or not completed correctly according to WordPress standards, WP Cerber will block the login attempt to prevent unauthorized access.

To find out why WP Cerber is interfering with your AJAX login, check the Activity Log to see what’s happening with failed login attempts. Here’s how: Reproduce the issue from your computer, go to the Activity Log, and click My IP to filter the events for your activity. Look for denied login attempts. If an attempt is blocked, the log entry will show the reason. To get more details, click the ellipsis icon shown in the log entry.

WPStylish_Admin · December 6, 2024, 10:46am

Yes, wp_signon() is used. And as I said, if I disable WP Cerber, the ajax login works normally.

The activity logs are showing this, but I don’t understand properly. Could you explainh

Garry · December 6, 2024, 12:38pm

It seems you’re using an outdated version of WP Cerber. Please install the latest one or enabled automatic updates: https://wpcerber.com/automatic-updates-for-wp-cerber/

WPStylish_Admin · December 6, 2024, 3:52pm

Hello

The version is 9.6.4 which is the latest I believe

Garry · December 6, 2024, 5:15pm

It seems that you are using a non-genuine (modified) version of WP Cerber, as the label “User session ended” shown in your screenshot does not exist in the original WP Cerber plugin. Anyway, it looks like you have enabled the limit on the number of allowed concurrent user sessions, and the user have reached this limit. For more details, you can check this guide: https://wpcerber.com/limiting-concurrent-user-sessions-in-wordpress/.

WPStylish_Admin · December 7, 2024, 2:50am

Ah sorry for making you confused. The text is translated into English from Spanish

Garry · December 7, 2024, 12:16pm

To get WP Cerber’s pages rendered in English, you can enable “Use English for the plugin admin pages” in the main settings.

WPStylish_Admin · December 8, 2024, 3:43pm

Thank you.
But do you have other idea to debug the issue? As I said, If I add the wp_signon call in a direct request (for example in the ‘init’ action), I was able to log in. But if the wp_signon is called via a ajax request, it does not work.

Garry · December 9, 2024, 12:23pm

Based on your screenshot

WPStylish_Admin · December 10, 2024, 7:35am

Hi

I’ve tested to login using the initial admin account (ID 1), it works. But if I created another admin account and test, he cannot login. (session or login cookie cannot be added)

What could be the reason?

Garry · December 12, 2024, 4:41pm

A lot of things. Check the Activity log for details. Compare events related to both users and their IP addresses.