WordPress.org

Ready to get started?Download WordPress

Forums

Login Security Solution
[resolved] Stops attacks ... AND YOU! (10 posts)

  1. AgilityJeff
    Member
    Posted 1 year ago #

    The password enforcements "feature" is a bit over-zealous in my opinion. To the point that I could not log in to my own websites after my admin session went dormant.

    I was forced to reset my password - but no password was secure enough ... and believe me - I TRIED 20 character PW's that just weren't acceptable.

    Good idea and it DOES effectively block out the Brute Force idiots out there, but implementation is not yet ready for 'prime time'.

    http://wordpress.org/extend/plugins/login-security-solution/

  2. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Jeff:

    When trying to enter a new password, can you please specify the _exact_ error messages you were given? Login Security Solution explains which rule has not been met.

    Something seems wrong. For example, passwords of 20 or more characters are exempt from the complexity rules. Perhaps there's another plugin conflicting?

    Thanks,

    --Dan

  3. AgilityJeff
    Member
    Posted 1 year ago #

    Yes Daniel, something DOES seem wrong. And whatever it is has caused a good deal of time being expended on deleting your plugin's files by FTP as well as installing a Better security solution.

    Your plugin does not specify which rule has been 'broken' ... it only states that the password is not secure, refreshes the page and gives me two blank fields to try again.

    Good luck with the further development of this project. I hope you can calm down this password nonsense and transition this project in to a useful addition to the WordPress community.

    Jeff

    P.S. Conflict is HIGHLY unlikely as there are NO other security plugins running, no CAPTCHA, nothing.

  4. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Jeff:

    I misremembered. I thought the password reset screen acted the same way as the profile edit page does. You're right, the password reset page gives a generic error message. I set it up that way because there's a HTTP redirect involved, so when initially writing the program last year I took that shortcut. Sorry for the misspeaking and for the lousy user experience.

    BUT!... Your inquiry inspired me to change how the password validation error messaging works. Now I pass specific error message keys to the HTTP redirect and then use those keys to generate specific error messages on the password reset page. This change has been pushed to the Github repository.

    You can get the latest code there now, or you can wait for the next release, 0.36.0, from the WordPress plugins repository when I get a chance to push it up there in the next day or so.

    Thanks,

    --Dan

  5. PumaOnHolyJade
    Member
    Posted 1 year ago #

    Yeah.. and plugin author didn't reply to our submitted support that's ignored for 5 days now.. felt left out

  6. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    @PumaOnHolyJade: Come on. I've got two kids, a full time job, taxes to file, etc, etc. Expectations of support need to keep things like that in mind when using software that is maintained on a purely volunteer basis. In that scheme of things, I'm very responsive, eventually getting to all support threads. --Dan

  7. AgilityJeff
    Member
    Posted 1 year ago #

    Daniel,

    Good luck with the continuing development of this project ... it can be a valuable addition to the WP community!

    Jeff

    (Good luck on the taxes as well.)

  8. tomdkat
    Member
    Posted 1 year ago #

    This thread is EXACTLY what I needed to read this morning! A blog I maintain is currently under attack and I've been prompted to have to reset the password. When I had this issue before, NONE of the new passwords were accepted and I ended up having to "rip out" the plugin to regain access to the WordPress dashboard.

    I'm anxiously awaiting the release of Login Security Solution 0.36.0!

    Thanks!

    Peace...

  9. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    0.36.0 is out the door!

  10. DolphinGuy
    Member
    Posted 1 year ago #

    Daniel,

    I am completely satisfied with your plugin after making a full review of many others lock=down plugins shortcomings. Let me commend you on your reply to tickets which is so often lacking and one of the many reasons that sway my decision to using a plugin. You are a valuable part of this freebie WP community and those less capable of writing a plugin of this magnitude themselves ought to acknowledge that fact.

    Keep up the good work, looking forward to your next update, as soon as you pay your taxes and read the kids asleep.

    DolphinGuy

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.