WordPress.org

Ready to get started?Download WordPress

Forums

Login Security Solution
[resolved] Cannot Login To Site (5 posts)

  1. Mike
    Member
    Posted 1 year ago #

    This morning, neither my client or I were able to login to the website where yesterday I had installed LSS.

    It is likely I caused this problem, but let me recount the sequence of events, as best I can recall, to get your advice before proceeding:

    1) While trying to lock down the site, I changed permissions for config.php to 400 and tried to access the site. I received a flood of mySQL errors:

    Warning: mysql_real_escape_string(): 8 is not a valid MySQL-Link resource in .../wp-includes/wp-db.php on line XXX (many lines of this error)

    2) At this point, I could not log into the site. I restored the config.php permissions, but received message that my password needed to be changed. I did so, a couple of times.

    3) Apparently at more or less the same time, my client was trying to login, and received the same error. She also reset her password several times.

    4) I received 9 emails from the site saying POTENTIAL INTRUSION AT (sitename)

    I was able to delete the plugin via FTP access, and can now access the site's admin section.

    If it matters, the DB table "wp_login_security_solution_fail" is intact, as is the login security data from the _usermeta and _options tables.

    My questions:

    A) Did my changing permissions on config.php have any effect on LSS?

    B) I would like to reinstall your plugin. How would you recommend that I proceed?

    http://wordpress.org/extend/plugins/login-security-solution/

  2. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Mike:

    The proper permissions for wp-config.php depends on the way your web server works. Most likely, you'll need chmod 440. This may be, but probably is not, related to the LSS issues you're encountering.

    Can you please read the "The password reset behavior..." passage of the following post:
    http://wordpress.org/support/topic/plugin-login-security-solution-password-reset-loop?replies=3#post-3036352. Does that apply to your situation?

    I assume you and your client have distinct user accounts and are not sharing them.

    What other plugins do you have installed? If there are any others, have you read my plugin's FAQ? http://wordpress.org/extend/plugins/login-security-solution/faq/

    Are you running a stand-alone installation of WordPress, or are you running a multisite network installation?

    Are you behind a proxy or load balancer?

    Can you dump the contents of your wp_login_security_solution_fail table and email it to me at danielc@analysisandsolutions.com?

    As far as reinstallling, just put the plugin files back in place and you should be good to go. WordPress may want you to reactivate it, so check the Plugins page in wp-admin.

    --Dan

  3. Mike
    Member
    Posted 1 year ago #

    Can you please read the "The password reset behavior..." passage of the following post:
    http://wordpress.org/support/topic/plugin-login-security-solution-password-reset-loop?replies=3#post-3036352. Does that apply to your situation?

    I don't believe so. I was trying to login legitimately, as was my client.

    I assume you and your client have distinct user accounts and are not sharing them.

    That's correct.

    What other plugins do you have installed? If there are any others, have you read my plugin's FAQ? http://wordpress.org/extend/plugins/login-security-solution/faq/

    I have a number of plugins, but not Better WP Security. I'll email the list to you along with the _fail table.

    Are you running a stand-alone installation of WordPress, or are you running a multisite network installation?

    Standalone.

    Are you behind a proxy or load balancer?

    No.

    Can you dump the contents of your wp_login_security_solution_fail table and email it to me at danielc@analysisandsolutions.com?

    Yes. Done.

    As far as reinstallling, just put the plugin files back in place and you should be good to go. WordPress may want you to reactivate it, so check the Plugins page in wp-admin.

    I've done this. I was immediately bounced out of the admin section, but was able to successfully change my password and login back in.

  4. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Mike:

    Thanks for sending me the detailed information via email.

    I tracked down and fixed the problem with the not a valid MySQL-Link resource issues. It happens when invalid auth cookies are presented. That was happening due to multiple browsers being used, with the password having been changed in one and not the others. The problemis the auth cookie check happens very early in the process, so my database close call (before sleeping) leaves WP unable to render the rest of the page.

    The required password resets you and your client encountered were due repeatedly trying incorrect passwords. You 8 times, your client 5, then 3 other passwords 2x each. (Perhaps some were auth cookies, I don't know.) Anyway, I added some logic to only track a given IP, user, password combination one time. This will cut down on the problem you hit.

    I also suggest having a user name other than "admin." I added an explanation to the plugin's FAQ.

    All of this is in the new release, 0.22.0.

    Thanks again,

    --Dan

  5. Mike
    Member
    Posted 1 year ago #

    Thanks for your help, Daniel.

    I've installed v0.22.0, and so far, so good. I'll let you know if I see any other unexpected behavior.

    And I've deleted the admin account. Thanks for the reminder.

    Mike

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.