Is it possible for a hacker to bypass this plugin?
-
Hi,
I have issues with someone that appears to be able to stay logged in even if expire users has set account to expired.
I personally cannot login but i see in my logs that he is logging in and hitting links that are hidden.
Is there anyway to bypass this by hitting a fake cookie or something? I see that he is actually logging in via the login page but when i do the same i get a message saying i’m expired, but when he does it he appears to get logged in and redirected to the area i’ve setup for logged in users.
He appears to be using Chrome as a browser but this could ofcourse be fake, but when i try with chrome i cannot login using his account.
Ideas how he does this?
-
Not sure why this plugin isn’t securely logging out users that have been expired but updating the code to wp_clear_auth_cookie(); upon login attempt may fix this, there’s definitely a way to login even if you have an expired account and bypass this plugin, perhaps by posting directly to wp-login.php rather then surfing to wp-login.php page.
Using latest version of this plugni 1.02 and latest version of wordpress: 4.9.7
- The topic ‘Is it possible for a hacker to bypass this plugin?’ is closed to new replies.
