[Resolved] Log Out Lock Out [Major Bug?]
Every time I log out of my WordPress website(s) it counts against me as a failed login attempt. Not sure if this is a known bug or if this Plugin is even still being worked on but it seems to be happening on all my WP installs.
It looks like this problem only occurs with a Captcha (http://wordpress.org/support/plugin/captcha) plugin installed, which usually works well with Limit Login Attempts.
So Limit Login Attempts + Captcha == Logout Lockout
I’ll submit this issue on the Captcha support forums, not sure if the developer can work around this in future versions or not.
I’m having the same issue and use both of those plugins.
Try installing this plugin:
I feel like adding a entire plugin just for this small problem is a bit much, thanks though.
I have the same problem, but appear to be using a different Captcha plugin than Howdy_McGee. This seems like a problem the Limit Login Attempts developer should be able to fix, not something every Captcha provider should have to work around.
My mistake; I was using the same Captcha plugin. I note that I had these two plugins running together for some time with no problems. Presumably a recent update to one of them (or perhaps to WordPress?) broke something.
Followup. I tried deactivating Captcha and keeping Limit Login Attempts running. My “tries remaining” continued to count down. I think this means Limit Login Attempts alone is the problem, not the combination of Limit Login Attempts and Captcha. I look forward to hearing that this has been fixed or that someone else in the forum has found a good replacement plugin.
Hi all, I have had exactly this problem on three sites with Captcha 3.9.5 installed alongside Limit Login Attempts 1.7.1.
Diasbling Limit Login Attempts via ftp then logging on and deactivating then deleting Captcha from the WP control panel before logging off WP and re-enabling Limit Login Attempts via ftp appears to clear the problem.
Poiuseye, reading your post suggested to me that your continuing problem may be related to the system current state and the process steps you used to deactivate Captcha and that Limit Login Attempts is reading a transient variable. I’d be interested to know if the process I used solves your problem.
As an aside we have been suffering low level bot hacking attempts for a while (20-40 per 24 hours) and from the logs it seems as though Captcha is not effective either because the bots are bypassing it or a brute force algorithim is able to fake the Captcha answer but I can find no evidence that Captch is helping with this issue.
Good News! Looks like Captcha has fixed this problem with V3.9.6 (of Captcha) – 12.02.2014
If you haven’t updated yet, go ahead and update and it seems to have fixed the problem.
Not all good news. I’ve just installed 3.9.6 of CAPTCHA and on my sites it does not solve the problem – I’m back to being logged out again.
So on my server configuration the fix doesn’t seem to work
I do not have this problem anymore, when I log out it does not count against me or lock me out.
Before reading your procedure, and believing my test proved that Limited Login Attempts (LLA) was the problem, I switched from LLA to a compatible plugin that also permits limiting login attempts, then reactivated Captcha. The plugin I switched to is Wordfence. If you try it, be aware of this issue, which gave me some problems.
Anyway, Captcha’s people now appear to accept that Captcha was the cause, but say that the problem has been fixed.
Hi Guys, let me add an update to this post and then transfer to the CAPTCHA support page
I logged in to one of the affected sites via a remote IP, cleared all LLA lockouts and deactivated and de-installed CAPTCHA (3.9.6). (LLA v 1.7.1)
I then logged back in to the site from the usual IP without any problem, so LLA was working fine.
I then re-installed CAPTCHA 3.9.6, activated it then logged out.
I then tried to log back in from the usual IP and again LLA showed that it had decremented the number of remaining login attempts by 1.
I completed the login (I had LLA tries remaining) and deactivated and deinstalled CAPTCHA and logged out.
On trying to log back in without CAPTCHA enabled LLA did not further decrement the number of remaining login attempts.
So, unless there is some other strange issue with the loaded plugin selection or the server platform configuration, the evidence points to CAPTCHA 3.9.6 being the issue – even after the bug fix.
It does seem to confirm that the problem is not with LLA
- The topic ‘[Resolved] Log Out Lock Out [Major Bug?]’ is closed to new replies.