Title: Content Encoding Error when enabling brute-force attack protection Last modified: April 4, 2020 --- # Content Encoding Error when enabling brute-force attack protection * Resolved [sun6hine](https://wordpress.org/support/users/sun6hine/) * (@sun6hine) * [6 years, 2 months ago](https://wordpress.org/support/topic/content-encoding-error-when-enabling-brute-force-attack-protection/) * First of all, many thanks for this great plugin! * I always had the brute-force attack protection activated by default and no problems with it. But since three days I can’t log into WP’s backend anymore. Several browsers reported a content encoding error. * Therefore I deactivated NinjaFirewall manually (FTP) and switched off the preceeding brute-force attack protection. The usual log-in page of WordPress appears without problems and I can log in again, yay. * Nevertheless, I’d like to reactivate the brute-force attack protection (by default). What could be the reason for this feature causing the Content Encoding Error? * Thank you very much! Viewing 10 replies - 1 through 10 (of 10 total) * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [6 years, 2 months ago](https://wordpress.org/support/topic/content-encoding-error-when-enabling-brute-force-attack-protection/#post-12629538) * Did you make any change lately: 1. Some change to the “Firewall Policies > Advanced Policies > HTTP Response Headers” section? 2. Installed/re-configured a new theme or plugin? * Can you try to disable the “Enable bot protection” from the “Login Protection Page”? * Which browser, version and OS is affected, and which one isn’t? - This reply was modified 6 years, 2 months ago by [nintechnet](https://wordpress.org/support/users/nintechnet/). * Thread Starter [sun6hine](https://wordpress.org/support/users/sun6hine/) * (@sun6hine) * [6 years, 2 months ago](https://wordpress.org/support/topic/content-encoding-error-when-enabling-brute-force-attack-protection/#post-12630888) * Thanks for your reply! * 1. No changes were made to HTTP Headers, neither through NF, nor manually. 2. No new themes/plugins were installed. * Interestingly, when I disable “Enable bot protection”, the server replies with HTTP 401 (Unauthorized), so there’s no Content Encoding Error anymore … which, optimistically speaking, is a step forward 😉 * (Tested on Chrome 80, FF 74.0.1, Edge 80, Opera 66; Win10, several Linux’ and MacOS) * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [6 years, 2 months ago](https://wordpress.org/support/topic/content-encoding-error-when-enabling-brute-force-attack-protection/#post-12633888) * What is your PHP version? It looks like you’re having issue with either the ` init_set` PHP functions (it could be blocked by your host) or the `zlib.output_compression` PHP directive. Both are used by the firewall’s “Enable bot protection” feature which will handle the encoding. * Thread Starter [sun6hine](https://wordpress.org/support/users/sun6hine/) * (@sun6hine) * [6 years, 2 months ago](https://wordpress.org/support/topic/content-encoding-error-when-enabling-brute-force-attack-protection/#post-12636186) * Thanks, that’s an idea! I’m running on 7.3.15. `zlib.output_compression` is set off. * If `init_set` is blocked (shared server :/), there’s no chance to avoid 401 ( even w/o bot protection enabled), correct? * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [6 years, 2 months ago](https://wordpress.org/support/topic/content-encoding-error-when-enabling-brute-force-attack-protection/#post-12639833) * The 401 is always returned as long as you don’t enter the right password (or captcha), i.e. when you access the page. If you disabled “Enable bot protection”, does it work as expected? * Thread Starter [sun6hine](https://wordpress.org/support/users/sun6hine/) * (@sun6hine) * [6 years, 2 months ago](https://wordpress.org/support/topic/content-encoding-error-when-enabling-brute-force-attack-protection/#post-12639951) * No, unfortunately, that’s just the problem … * _Login Protection **enabled**_: Bot Protection **enabled**: Content Encoding Error, can’t access website at all. Bot Protection **disabled**: Returning 401 without even being able to enter user/pass or solve captcha. * _Login Protection **disabled**_: Can login to WP backend without running into errors. * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [6 years, 2 months ago](https://wordpress.org/support/topic/content-encoding-error-when-enabling-brute-force-attack-protection/#post-12643833) * Can you try to run this command 3 times: * Once with Login Protection enabled + bot protection enabled. * Once with Login Protection enabled + bot protection disabled. * Once with Login Protection disabled. * `curl 'https://YOUR_WEBSITE/wp-login.php' -I -A 'Mozilla/5.0' -H 'Accept: *' - H 'Accept-Language: *'` * And to paste the results here. * Thread Starter [sun6hine](https://wordpress.org/support/users/sun6hine/) * (@sun6hine) * [6 years, 2 months ago](https://wordpress.org/support/topic/content-encoding-error-when-enabling-brute-force-attack-protection/#post-12645176) * Thanks, I’d appreciate that, but unfortunately I don’t have access to the console in the limited package of my webhoster :/ * From your point of view, is there anything against restricting access to wp-login. php via htaccess? This way, bruteforce attacks could still take place, though it sets up a second hurdle. * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [6 years, 2 months ago](https://wordpress.org/support/topic/content-encoding-error-when-enabling-brute-force-attack-protection/#post-12649108) * Sure, you can disable it from the .htaccess or password-protect it (.htaccess + .htpasswd). * Thread Starter [sun6hine](https://wordpress.org/support/users/sun6hine/) * (@sun6hine) * [6 years, 2 months ago](https://wordpress.org/support/topic/content-encoding-error-when-enabling-brute-force-attack-protection/#post-12655722) * Thank you, then I will resort to this makeshift solution. Sorry I couldn’t get to the bottom of the problem any further, many thanks for the great support and your time! Viewing 10 replies - 1 through 10 (of 10 total) The topic ‘Content Encoding Error when enabling brute-force attack protection’ is closed to new replies. * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137) * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/) * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/) * 10 replies * 2 participants * Last reply from: [sun6hine](https://wordpress.org/support/users/sun6hine/) * Last activity: [6 years, 2 months ago](https://wordpress.org/support/topic/content-encoding-error-when-enabling-brute-force-attack-protection/#post-12655722) * Status: resolved