Title: cookie based brute force
Last modified: April 16, 2026

---

# cookie based brute force

 *  Resolved [dolceremy](https://wordpress.org/support/users/centoasa/)
 * (@centoasa)
 * [1 month, 3 weeks ago](https://wordpress.org/support/topic/cookie-based-brute-force/)
 * I have enabled this great system, but almost every time I change login, returning
   to the browser and station in my office I see page 127.0.0.1 and I have to rewrite
   the url with the secret word. Is this behavior normal? Or am I wrong something?
   I use a cache system on litespeed system but I believe that a url of the type
   [https://www.pippopluto.com/?disney=1](https://www.pippopluto.com/?disney=1) 
   is bypassed. Thank you

Viewing 1 replies (of 1 total)

 *  Plugin Support [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/)
 * (@hjogiupdraftplus)
 * [1 month, 3 weeks ago](https://wordpress.org/support/topic/cookie-based-brute-force/#post-18882715)
 * Hi [@centoasa](https://wordpress.org/support/users/centoasa/)
 * 127.0.0.1 wp-admin only being redirected means you have enabled cookie-based 
   brute force.
 * You should try accessing the site using the secret word, like this: {site_url}?{
   secret_word}=1. This will save a cookie in your browser for **24 hours**. After
   that period, it will start redirecting to 127.0.0.1, and you will need to access
   it again using {site_url}?{secret_word}=1.
 * Regards

Viewing 1 replies (of 1 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fcookie-based-brute-force%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/all-in-one-wp-security-and-firewall/assets/icon-256x256.
   png?rev=2798307)
 * [All-In-One Security (AIOS) – Security and Firewall](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/)
 * [Active Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [hjogiupdraftplus](https://wordpress.org/support/users/hjogiupdraftplus/)
 * Last activity: [1 month, 3 weeks ago](https://wordpress.org/support/topic/cookie-based-brute-force/#post-18882715)
 * Status: resolved