Hi Mark:
Here are queries to manually remove stuff from the database:
DROP TABLE wp_login_security_solution_fail;
DELETE FROM wp_options WHERE option_name LIKE 'login-security-solution%';
DELETE FROM wp_usermeta WHERE meta_key LIKE 'login-security-solution%';
Another option is to put the plugin files back, activate, go to the settings screen, turn on the “Yes, delete the damn data” option, then deactivate the plugin the remove the plugin files.
Sorry to hear about your problem logging in. I really want to know what’s going on. Can you please reactivate the plugin, adjust your php.ini settings so errors can be logged (log_errors = On and error_log = /path/to/php_errors.log) or seen (display_errors = On) and put define('WP_DEBUG', true); in your wp-config.php then try logging in?
Thanks!
–Dan
Another option is to put the plugin files back, activate, …
When the plugin is active I cannot log in. I was dropping wp_login_security_solution_fail, but didn’t know about the meta_key and option_name. I’ll clear those and give it a try with the error logging on.
Thanks.
I cleaned the DB and reactivated AND was able to log in. Then I got 44 emails for each subdirectory with the following info:
Your website, A, is undergoing a brute force attack.
There have been at least 0 failed attempts to log in during the past 120 minutes that used one or more of the following components:
Component Count Value from Current Attempt
———— —– ——————————–
Network IP 0 203.183.81
Username 0 admin
Password MD5 0 a287052406e90e2b54c51549a4a14986
=======================================
Your website, B, is undergoing a brute force attack.
There have been at least 0 failed attempts to log in during the past 120 minutes that used one or more of the following components:
Component Count Value from Current Attempt
———— —– ——————————–
Network IP 0 203.183.81
Username 0 admin
Password MD5 0 82fd14149e871ed46361b41d4e0c7b05
Hi Mark:
While there _could_ be a bug in the plugin, it sounds like something that only shows up if the plugin was installed improperly. Or you have a non-standard configuration that the plugin is not prepared for.
What other plugins are you using? How are you accomplishing the multisite capability? You only installed the plugin in one plugins directory, right?
Anyway, please go to the plugin’s settings page, tell it to “delete the damn data,” deactivate the plugin and remove the files. Then check that our table and settings and user metadata have been removed. Put the plugin back and use the Network Plugins user interface to activate the plugin.
Please let me know what happens and when doing so, please provide complete steps used for the install and the exact steps and resonses on the screen that caused the problem. For example, just saying “I cannot log in” does not provide the context needed for me to debug the situation.
Thanks,
–Dan
Hi Again Mark:
Have you had a chance to do the testing/debugging? I look forward to getting detailed information from you.
Thanks,
–Dan
Dan, I did delete the pluging, assured the tables were gone, then reinstalled via network/plugin-install.php, network activated.
Once activated I got the same result, multiple emails as described above… 0 attempts on all subdomains. Unfortunately I have no time right now to do any debugging so the plugin is inactive right now. If I can revisit it I’ll let you know.
Thanks for your concern.
Hi Mark:
Regarding the inability to log in, I did find that some behaviors had inadvertently changed, introducing a “Catch 22” situation. I just released version 0.9.0 to fix the problem. Now, when users choose an insecure password during the reset process, they can pick a better password right on the spot.
Please re-run the manual data removal queries I showed you, above. Of course, you must change the “wp_” table prefixes to match your table prefix. Please make notes of the results of the queries so we can keep track of their effectiveness. If you have further problems, I’ll want to see them.
Then upgrade the plugin and reactivate.
On the sending emails for 0 failed logins problem, that’s totally bizarre. If the problem persists, please send me those removal query results.
Please keep me posted.
Hi Mark:
I just released a new version. Can you try it, please?
I will but I may not get to it until next week… I’ll keep you posted.
I believe I have tracked down a bug relating to multisite installations and the email sending issue.
More details can be found in the ticket here: http://plugins.trac.wordpress.org/ticket/1548
This problem still exists in version 0.13.0, I have attached to the ticket modifications which work well for me.
Fix included in Release 0.14.0. Thanks Dean!
