WordPress.org

Ready to get started?Download WordPress

Forums

Limit Login Attempts
Red box on login page doesn't display any text (8 posts)

  1. andysaks
    Member
    Posted 1 year ago #

    Hi - Thanks for making this plugin, a friend recommended it strongly and I just installed it.

    My issue is that on the login page, after you login incorrectly and the login page "shakes you off," a red box displays but has no text inside it at all. I assume this is where it tells you how many retries you have left before you're locked out.

    This isn't a small issue. As I discovered during testing just moments after install, it's easy to inadvertently misspell your own password a few times and lock yourself out when you're not warned a lockout is imminent, and not to be sure that's what happened until you wait 12 hours and find you can log in again.

    So how do I make the login attempt text appear inside the red box?

    Thanks in advance for your help --

    Andy

    http://wordpress.org/extend/plugins/limit-login-attempts/

  2. Zoe Rooney
    Member
    Posted 1 year ago #

    May be a conflict with theme or other plugin CSS - it's hard to tell without seeing the actual site where the error is happening. Do you have anything else running that might be impacting the login page (like something to customize how it looks)?

  3. andysaks
    Member
    Posted 1 year ago #

    Thank you for your quick response Zoe.

    I don't have anything else running that seems like it would interfere, and nothing relating to the login page, customization or otherwise. (But I'm new to WP so it's always possible.)

    Can I help you check with a screen shot, a URL, code, anything? Please be explicit with any instructions, I'm still learning my way around. :-)

    Thanks -
    Andy

  4. Zoe Rooney
    Member
    Posted 1 year ago #

    Yes, generally it's considered good form to include the URL in the question (see the notes after the comment box).

  5. andysaks
    Member
    Posted 1 year ago #

    Sorry about the missing URL, I assumed since it's not a problem with site pages themselves that wouldn't be helpful.

    The URL is http://www.sparkpresentations.com

  6. Zoe Rooney
    Member
    Posted 1 year ago #

    No worries, I can still test your login page with erroneous info :)

    So it looks like the error messages with and without the plugin itself aren't printing. You might try disabling the plugin and seeing if you get error messages then (for example, you should get one if you don't enter any password at all).

    The only plugin stuff I see on that page from other plugins is a jQuery Collapse type thing. You could try turning any plugins that would be putting that there off, but I doubt that's actually the problem.

    I wonder if your theme has a "feature" where they hide these messages - some people recommend it for added security so that someone trying to hack your site won't see what they're getting wrong.

    You could check your functions.php (or theme documentation) for something like:

    add_filter('login_errors',create_function('$a', "return null;"));

    I found that in a quick Google search as an example of a way to hide those messages.

  7. andysaks
    Member
    Posted 1 year ago #

    Hi Zoe,

    Thanks for all the insight and suggestions. I discovered:

    - I disabled the plugin and attempted logging in without a password, and it still didn't print a message inside the red box. So you were right about that.

    - I checked the functions.php and did find a command that appears to hide login messages, that reads:

    // removes detailed login error information for security
    add_filter('login_errors',create_function('$a', "return null;"));

    So two questions now:

    1. Would you recommend showing the login error details? Is it considered best practice to show or hide them? I'm leaning toward showing them, as just like any password issue (or locking my car or house) I think I'm more likely to lock myself out than anyone else. But don't want my site to be exposed unnecessarily either.

    2. If I wanted to show login error details, how would I safely remove this command from the functions.php? Do I simply delete the two lines above and save it, or is there more to it? Please be detailed, I'm new in town and have a tendency to break things in WordPress.

    Thanks so much!

    Andy

  8. Zoe Rooney
    Member
    Posted 1 year ago #

    My first recommendation is that you ONLY ever modify functions.php over FTP. Errors in syntax can break your site and lock you out entirely until they're fixed.

    My second recommendation is that you should be working in a child theme: http://codex.wordpress.org/Child_Themes

    With those two disclaimers out of the way, I would suggest you comment out that add_filter line by putting the two slashes in front of it, as such:

    // add_filter('login_errors',create_function('$a', "return null;"));

    That will keep it in the file but disable it. More flexible that way in case you change your mind down the road.

    I think it's ok to show the errors, as long as you make sure you are following other security practices (for example, not having "admin" as a user) and especially since the plugin we're discussing makes it so that even with those hints someone will get locked out if they fail a couple of times in a row.

    That's just my opinion, though - of course I can't make any guarantees about security and hiding or showing the messages.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.