Support » Plugin: WP-Members Membership Plugin » WP-Members conflict with Wordfence Security

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Chad Butler

    (@cbutlerjr)

    This is not discussing the same plugin, but it is likely the same answer and solution:
    http://rocketgeek.com/tips-and-tricks/workaround-for-wp-members-front-end-login-when-using-si-captcha-on-the-wp-login-form/

    Thread Starter Joe Schmoe

    (@jeffalpers)

    Thanks Chad, I will look into that possible solution and post my results.
    Jeff

    Thread Starter Joe Schmoe

    (@jeffalpers)

    Chad,
    I searched the plugins folder for anything with remove_filter, and came up with these results for wp-members

    \wp-content\wp-content\plugins\wp-members\inc\class-wp-members.php (2 hits)
    	Line 881: 			remove_filter( 'the_content', 'wpautop' );
    	Line 883: 			remove_filter( 'the_content', 'wptexturize' );
      \wp-content\wp-content\plugins\wp-members\inc\shortcodes.php (4 hits)
    	Line 279: 			remove_filter( 'the_content', 'wpautop' );
    	Line 281: 			remove_filter( 'the_content', 'wptexturize' );
    	Line 659: 			remove_filter( 'the_content', 'wpautop' );
    	Line 661: 			remove_filter( 'the_content', 'wptexturize' );

    `
    So it doesn’t appear that wp-members is removing the authenticate function. Do you agree?

    Plugin Author Chad Butler

    (@cbutlerjr)

    So it doesn’t appear that wp-members is removing the authenticate function. Do you agree?

    Yes, that statement is true. But I think you maybe misunderstood what was discussed in the post.

    WP-Members does not remove the authenticate filter. The issue doesn’t actually have anything to do with what WP-Members is doing. It has to do with other plugins removing the authenticate filter and implementing their own process for authentication (instead of the WP function wp_authenticate_username_password()).

    If you’re looking through WP-Members for this, you’re looking in the wrong place. You need to know what is being done by the other plugin.

    The solution presented is to add the original wp_authenticate_username_password() function back in using the authenticate filter at a later priority than the process that is removing it.

    Thread Starter Joe Schmoe

    (@jeffalpers)

    My apologies, I was confusing plugins 🙂
    But I searched all the plugins (actually I searched the entire wp-content folder and all sub-folders). Several plugins call “remove_filter”, but none pass a parameter “wp_authenticate_username_password”, or any similar named parameter. And the plugin WordFence Security does not call “remove_filter” at all.
    So…does that mean this issue does not apply in my case?
    Thanks again Chad.

    Thread Starter Joe Schmoe

    (@jeffalpers)

    I did also add this code to my theme’s function.php file

    if( ! isset( $_POST['wp-submit'] ) ) {
        add_filter('authenticate','wp_authenticate_username_password',99,3);
    }

    But this did not fix the issue.

    Plugin Author Chad Butler

    (@cbutlerjr)

    So… let me add to what I mentioned above. wp_authenticate_username_password() doesn’t necessarily have to be removed by the other plugin. I took a look at WordFence and in this case it’s not. But WordFence does use add_filter to hook to “authenticate”, so whatever it is doing comes at priority 99.

    It also has a number of other places it hooks into the login process.

    However, it’s not a captcha or adding an extra parameter as I initially thought the issue might be. So that’s not the issue and thus not the solution.

    I’m not sure what to tell you. I loaded this plugin and tested it and had no issues with the default configuration. I also tested with the cache turned on as well as increasing some of the security settings.

    With increased security settings I did lock myself out when using invalid logins, but that’s what WordFence is supposed to do.

    After taking a look at this directly, I recognized the screens used as I recall seeing this plugin in use by several priority support subscribers as well, none of whom reported any issues directly related to this plugin with the login.

    Thread Starter Joe Schmoe

    (@jeffalpers)

    Thank you Chad, I really appreciate your personal support for your plugin. Like I said, WP-Members does exactly what I want and I really want to keep it and make it work alongside a security plugin. Possibly it’s an issue with the responsive theme by cyberchimps.
    I will keep trying to get this combination to work and let you know if I find the solution.
    Thanks again

    Thread Starter Joe Schmoe

    (@jeffalpers)

    This code is found in my theme’s functions.php file:
    add_filter('authenticate','wp_authenticate_username_password',99,3);

    Is this possibly the source of my issue?

    I’m using WP-Members and the free version of WordFence without any problems. I use WordFence on all 8 websites I have. And I’m using it on many responsive themes and a premium theme from Themify without problems.

    I would look into a possible theme conflict. If you’re not already doing so, you should also be using a child theme.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘WP-Members conflict with Wordfence Security’ is closed to new replies.