Troubleshooting login issues with WP Cerber

Although WP Cerber handles user authorizations smoothly, sometimes you (or your customer) can get into a situation when WP Cerber denies all attempts to log in with no obvious reason and you can’t get into the website dashboard. Usually, this happens when you’re trying to log in from a different device or a different browser. Follow the steps described in this article to get back into your website dashboard.

Getting back into the WordPress dashboard

If WP Cerber blocks your attempts to log in and you are unable to get into your WordPress dashboard, you need to log in by using a different Internet connection. For instance, use a mobile device instead of a landline (fiber) connection and vice versa. You can also use a different Internet provider. Alternatively, you can use your home Internet connection instead of an office one. The goal is using a different IP address. If this approach does not work, scroll to the last section of the article.

Once you’ve logged in, check the Activity log. In this article we describe two options.

Viewing all login issues

Go to the Activity log and click the “Login issues” button in the button bar above the log. WP Cerber will show you recent failed and denied attempts to log in. Now, inspect the information in the “Event” column.

You can see “Login failed” if invalid credentials were used. In most cases, it means an incorrect password. WP Cerber is not involved here because it doesn’t authorize users. Users are authorized by WordPress. In some cases, users are authorized by a plugin via a third-party service e.g., a social network.

If you see the “Attempt to log in denied” event, it means that WP Cerber denied the attempt to log in due to some violations. To understand the reason, see the label next to “Attempt to log in denied”. For instance, you see “IP address is locked out”. This means that at that moment the IP address used for logging in was locked out by WP Cerber. To get more details, click the IP address in the row. You will see all events related to the IP address. To view all login activities of the user, click the username in the “Username” column.

Checking login issues with a specific user account

To understand why a user has issues with logging in, go to the Activity log, start typing the username (login and email work as well) in the “Filter by registered user” field to find the user. Select the user from the drop-down list and click the “Filter” button. WP Cerber will show you a user panel and logged user activity.

On the right part of the user panel, a quick breakdown of user activity is shown. It contains clickable labels of user events. To get the list of all denied by WP Cerber attempts to log in, click “Attempt to log in denied”. If there is no such label on the panel, WP Cerber have not blocked the user at all.

For any “Attempt to log in denied” event WP Cerber shows a label that tells you the reason for it. For instance, you see “IP address is locked out”. This means that at that moment the IP address used for logging in was locked out by WP Cerber. If the IP address is still locked out, it is marked with a red square icon in the leftmost column of the log. You can unblock the IP address on the Lockouts tab.

If you click the “Login failed” label, you see all the user attempts to log in with an incorrect password. Please note that after the specified in the login security settings number of allowed attempts, the IP address of the user gets locked out. Currently locked out IP addresses are marked with the red square icons in the leftmost column of the log. If the current user IP address has such an icon in the log, the user is not allowed to log in. You can unblock the IP address on the “Lockouts” tab.

You’re still unable to log in

In the worst case, you can get the forbidden page “We’re sorry you are not allowed to proceed”. If you get it after an attempt to log in, it indicates a serious incompatibility or misconfiguration issue. That can happen if a third-party login form is in use. For instance, a login form generated by a plugin or a login form as a widget generated by a page builder (website builder). In such a situation, you need to use the default WordPress login page, which is /wp-login.php or the Custom login URL specified in the WP Cerber settings. If none of them let you log in, you, as a last resort, can delete the plugin folder, which is wp-cerber, log in as usual and install WP Cerber again. WP Cerber configuration and your settings will not be affected. Once you have WP Cerber reinstalled, disable “Protect all forms on the website with bot detection engine” in the anti-spam settings and/or Custom login URL in the Main settings. One of them can cause the issue.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.