Conflict with Ajax login

nikkoboy
(@nikkoboy)

6 years, 2 months ago
Hi,

I’m using the Listable theme with “Login With Ajax plugin” (Version 3.1.6 | By Marcus Sykes). I was having issues login in to my website via the Ajax plugin (no problem though to login via /wp-admin). Message: “an error has occured. please try again.”. Since I have hundreds of subscribers that need to access my website (and since I don’t want them to access it via /wp-admin), I really need this Ajax plugin.

After deactivating all my plugins one by one, I discovered that JetPack was apparently the one causing this issue. When I deactivated JetPack, I could login again to my website via the Ajax Plugin. Of course, my first thought was that this was linked to a security conflict. So I reactivated JetPack, and deactivated the “Protect/Prevent brute force attacks” feature, and the Ajax login feature continue to work properly.

I read on https://codex.wordpress.org/Brute_Force_Attacks that password protecting the wp-login.php file (and wp-admin folder) can add an extra layer to the server. But password protecting wp-admin can break any plugin that uses Ajax on the front end. If the “Protect/Prevent brute force attacks” feature indeed protects wp-admin, this can explain the bug I encountered. It’s usually sufficient to just protect wp-login.

I’ll share this information on the support page of the “Login With Ajax” plugin. However, I doubt this is the only login plugin that might be affected by JetPack’s security features.

Cheers,
- This topic was modified 6 years, 2 months ago by nikkoboy.

Viewing 7 replies - 1 through 7 (of 7 total)

Plugin Author Jeremy Herve
(@jeherve)

Jetpack Mechanic 🚀

6 years, 2 months ago

Thanks for the report!

We’ve had similar reports for bbPress’ log in widget, and will try to get this fixed in the next major release. You can follow our progress here:
https://github.com/Automattic/jetpack/issues/5144

I read on https://codex.wordpress.org/Brute_Force_Attacks that password protecting the wp-login.php file (and wp-admin folder) can add an extra layer to the server. But password protecting wp-admin can break any plugin that uses Ajax on the front end.

Jetpack Protect works differently, so that’s most likely not the issue here. We’ll take a look and I’ll post again here as soon as I have news.

Thread Starter nikkoboy
(@nikkoboy)

6 years, 2 months ago

Hi Jeremy,

Great to hear that this issue will be addressed in the next major release. Can’t wait to see it go live as Jetpack Protect is a feature I really like.

Steffen Dressler
(@steffend)

5 years, 10 months ago

Hi All,

I have the same problem, and also really would like to use both Login with Ajax plugin and Jetpack Protect.

Jeremy, have you had the chance to dig into the topic?

Thanks a lot,
Steffen

Plugin Author Jeremy Herve
(@jeherve)

Jetpack Mechanic 🚀

5 years, 10 months ago

@steffend Could you try to apply this patch to your installation of Jetpack, and let me know if it helps?
https://github.com/Automattic/jetpack/pull/5647/files

Steffen Dressler
(@steffend)

5 years, 10 months ago

I applied the changes to protect.php.
The login error message does not occur at each login, so testing will take some time. I will let you know of the results!

Thanks a lot,
Steffen

Steffen Dressler
(@steffend)

5 years, 9 months ago

Hi,

Ah, sorry, I forgot to give promised feedback. With the patch applied, the error did not yet reoccur.

That said… I encountered the same problem on another site of mine.

Is the fix already in Jetpack Core or do I have to apply it on each site and after each Jetpack update?

Thanks a lot for your time,
Steffen

Plugin Author Jeremy Herve
(@jeherve)

Jetpack Mechanic 🚀

5 years, 9 months ago

Thanks for the feedback!

The fix hasn’t been merged yet, but we’ll update that GitHub issue as soon as the patch has been fully reviewed.

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Conflict with Ajax login’ is closed to new replies.

Conflict with Ajax login

Topic Tags

Views