0x00 Story
Recently, when I gave the right username and password to wp-login.php, nothing happened except that the page refreshed in my browser. It was kind of weird, but it didn't always happen, so I just ignored it. But today when I tried to log in to my site, no matter how hard I tried, I just got the wp-login.php page again and again, so it was time to do something.
0x01 Analysis
First, I tried renaming the plugins directory. After doing this, the problem still existed, but fortunately I could log in to the dashboard once in a while rather than being locked out all the time.
At that point I had made some progress, but it was far from success. Suddenly it occurred to me: could my CDN be to blame?
So I turned off the CDN and resolved the domain directly to its origin, and to my delight, the problem was solved.
Now that we know the CDN is to blame, we can dig further to find exactly which part of my CDN configuration causes this problem.
As we all know, by default, each time we log in to our blog, WordPress creates a session cookie that is used to authenticate us. Recently I made a modification to this: I installed a plugin that makes the WordPress cookie dependent on the user's IP, but I forgot to synchronize this change to another origin server. Since the CDN may direct my request to the unchanged origin server, I think this is the cause of the problem.
0x02 Fix
Based on the analysis above, it is quite easy to fix: just removing the old origin server from the CDN origin list can probably fix the problem.
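
The mismatch described in the analysis, and the effect of the fix, as an added Python model that is not the author's code or the plugin's. The cookie format, the HMAC construction, the key and the origin names `new` and `old` are simplified assumptions, and `route` is a constructed sequence of origins the CDN happens to pick.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed; stands in for the shared auth secret


class Origin:
    """Simplified origin server; bind_ip=True models the IP-binding plugin."""

    def __init__(self, bind_ip):
        self.bind_ip = bind_ip

    def _mac(self, user, ip):
        # Assumed scheme: the updated origin mixes the client IP into the MAC.
        msg = f"{user}|{ip}" if self.bind_ip else user
        return hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()

    def issue(self, user, ip):
        return f"{user}|{self._mac(user, ip)}"

    def accepts(self, cookie, ip):
        user, _, mac = cookie.partition("|")
        return hmac.compare_digest(mac, self._mac(user, ip))


def simulate(origins, route, user="admin", ip="203.0.113.7"):
    """Log in on route[0], then replay the cookie along the rest of the route.

    A rejected cookie is the wp-login.php page coming back; the user then
    logs in again on whichever origin served that request."""
    cookie = origins[route[0]].issue(user, ip)
    outcomes = []
    for name in route[1:]:
        ok = origins[name].accepts(cookie, ip)
        outcomes.append((name, ok))
        if not ok:
            cookie = origins[name].issue(user, ip)
    return outcomes


if __name__ == "__main__":
    mixed = {"new": Origin(bind_ip=True), "old": Origin(bind_ip=False)}
    # Constructed routing: the session breaks on every switch between origins.
    print(simulate(mixed, ["new", "new", "old", "old", "new"]))
    # Old origin removed from the CDN list: every request validates.
    print(simulate({"new": mixed["new"]}, ["new"] * 5))
```

In this model the un-synchronized origin also accepts its own cookies from any client address, so the IP binding is not enforced on requests it serves until the origins match.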