Update V80.0.22 Broke Wordpress Admin logins?

dru5412

I have 4 servers running WHM/CPANEL

2 running 80.0.20 (manual updates) All working fine.

2 auto updated to 80.0.22

The issue is that since this update NO Wordpress sites can access /wp-admin

It's hitting the wp-login.php redirect loop and timing out.

Have tried the usual, clearing cookies, renaming .htaccess


This is affecting ALL WordPress sites on the server, so can't see it being a theme or plugin on one particular WordPress install...

Have an emergency ticket raised with support but if anyone has any ideas, would welcome them.

Thanks
 

dru5412

I have checked the error log files both on Apache and in the users' folders; there are no entries that show any error relating to WP-LOGIN.PHP redirecting.
 

dru5412

Cause found and temp rectified.

Mod_Security rule was triggering.

Disabling 33302 & 33303, whilst not ideal, at least means all my customers can access WordPress again...

Will now try to resolve the issue with Mod_Security Vendor.

But it seems the version of CPANEL IS NOT TO BLAME..


Rule ID: 33302

Name: Bruteforce RBL block


Raw Rule:

# Bruteforce RBL persistent storage check
SecRule REQUEST_URI "/wp-login\.php|/xmlrpc\.php" "id:33302,chain,phase:2,t:none,deny,nolog,auditlog,msg:'Bruteforce RBL block||T:APACHE||MV:%{MATCHED_VAR}',tag:'i360'"
SecRule IP:rbl_brute "@eq 1"
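
An added example, not part of the original posts: rule 33302 above carries nolog,auditlog, which in ModSecurity 2.x keeps a match out of the Apache error log while still recording it in the audit log. Assuming the serial audit-log format, the Python below tallies the rule IDs on intercepted wp-login.php / xmlrpc.php requests; the sample log, the function names and rule 900001 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in ModSecurity 2.x serial audit-log layout (not from the thread).
SAMPLE = """\
--a1b2c3d4-A--
[01/Jan/2019:10:15:01 +0000] tx0001 203.0.113.10 51234 198.51.100.5 443
--a1b2c3d4-B--
POST /wp-login.php HTTP/1.1
Host: example.test
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). [id "33302"] [msg "Bruteforce RBL block"]
Action: Intercepted (phase 2)
--a1b2c3d4-Z--
--e5f6a7b8-A--
[01/Jan/2019:10:15:02 +0000] tx0002 203.0.113.10 51240 198.51.100.5 443
--e5f6a7b8-B--
GET /wp-login.php HTTP/1.1
--e5f6a7b8-H--
Message: Warning. [id "900001"] [msg "constructed non-blocking rule"]
--e5f6a7b8-Z--
"""

BOUNDARY = re.compile(r"^--[0-9a-fA-F]+-([A-Z])--$")
RULE_ID = re.compile(r'\[id "(\d+)"\]')

def parse_transactions(text):
    """Split a serial audit log into one {section letter: [lines]} dict per transaction."""
    txs, section = [], None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section = m.group(1)
            if section == "A":          # section A opens a new transaction
                txs.append({})
            if txs:
                txs[-1].setdefault(section, [])
        elif txs and section:
            txs[-1][section].append(line)
    return txs

def blocking_rules(text, uri=r"/wp-login\.php|/xmlrpc\.php"):
    """Count rule IDs on intercepted requests whose request line matches `uri`."""
    hits = Counter()
    for tx in parse_transactions(text):
        request_line = next((l for l in tx.get("B", []) if l), "")  # first line of section B
        h = tx.get("H", [])  # section H holds the rule messages and the final action
        if re.search(uri, request_line) and any(l.startswith("Action: Intercepted") for l in h):
            hits.update(i for l in h if l.startswith("Message:") for i in RULE_ID.findall(l))
    return hits
```

Calling blocking_rules() on the text of the file named by SecAuditLog returns a Counter keyed by rule ID, so a rule that is denying every login request stands out even when the error log is empty.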
 

cPanelMichael

Hello @dru5412,

I'd like to see if I can reproduce this issue internally. To confirm, were you using a custom Mod_Security ruleset on this server or on this account? Or, were you using the default rules from a vendor such as OWASP or Imunify360?

Thank you.