Captcha Challenge successful redirects to 404

I have a page rule that protects the WordPress login screen:

redacted.com/wp-login.php

Browser Integrity Check: On, Security Level: I’m Under Attack, Cache Level: Bypass

I use a built in redirect that is part of WP core: redacted.com/admin
to access the login.

When it challenges me with a captcha and I complete it successfully, it sends me to a 404 page.

When I am not challenged (browser integrity check only, I completed the captcha a day prior) it redirects completely fine to wp-login.php

In both instances the URL resembles this:

https://www.redacted.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.redacted.com%2Fwp-admin%2F&reauth=1&cf_chl_jschl_tk=pmd_LJN9tm66ElrEzHuXAqH9aySBasQQCwDvpUVWvWwo8w8-1634854631-0-gqNtZGzNrandomwordhereforpublicurlnotpartoforiginalurlcnBszQel

When I do receive a 404, if I manually type in the url /wp-login.php it loads fine, so it seems to be correlated with the url parameters past ?. Thing is, when the captcha challenge is bypassed because I had completed it recently, I end up with a similar url and it works as expected.

Anyone else running into this? Any tips for how to troubleshoot this would be appreciated. Thanks!

May I ask does his 404 page come from Cloudflare or rather from the origin host / server?

Kindly, can you post a screenshot of it?

Interesting.

Why so?

I would:

  1. Re-check your redirection from /admin to wp-login.php.
  2. Also the HTTPS settings.
  3. Also the cookies between non-www and www yourdomain.
1 Like

Appreciate the response!

It is a 404 served by the website itself (wordpress theme with a 404 error presented)

I’ll check on those three things as well, thank you. I think you may be onto something with 2 or 3, although I’m not sure what HTTPS settings could be awry. I do notice I start at non-www and then land on www.

Thanks again.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.