I’m having this issue, too. When I try to log in with several users of different roles, I get the drop down dialog box. I can proceed and log in, but only if I fill in those values. This just started happening randomly in the past week or so. So far, I haven’t been able to find anything suspicious via FTP, and I’ve combed the site thoroughly.
dpmey, do you use Wishlist Member, or any other membership/login type plugins? I have WLM installed, but I think I added it after I started having this weird glitch. Temporarily disabling it doesn’t make the dialog go away. I’m wondering if some remnant of a previously deleted plugin is doing this somehow.
For what it’s worth, I also ran a Sucuri Sitecheck scan for malware at http://sitecheck.sucuri.net/scanner/ for both your root domain and your members site. Both came up clean, but it said that http://calhaunts.com/calhauntswp/ is empty, and it couldn’t come up with any data for it. I’m posting in a few other related forums on our issue, so maybe we can all figure this out together.
@dpmey What happens after you fill that out and are taken to your normal log in screen?
@derekpricedotnet You do not have the same problem. Please start your own thread per forum rules.
This script in the header part of your page,
<SCRIPT language="JavaScript">
function GateKeeper() {
var username = prompt("Enter your username:", "Enter Username Here");
var password = prompt("Enter your Password:", "Now Enter Password");
this.location.href = username + "/" + password + ".shtml";}
</SCRIPT>
is causing your problem. axs (above) brings out a good point but I would wonder how my host added some script to my site. Never hurts to call your host.
Thread Starter
dpmey
(@dpmey)
This seems like exactly what is happening. When I put in their human verification I get a blank page instead of directing me to the login page. I wonder how I fix that? I guess I will have to contact dot easy.
When I put in their human verification I get a blank page instead of directing me to the login page.
When I do it I go to your log in page. And it drops a cookie where I don’t have to do it again.
That’s my host as well. I’m on chat with them right now. They just told me they aren’t going to remove the code, to be on the safe side, but I’m basically begging them to escalate it and make an exception. It’s the one thing keeping me from launching this site. A support guy with one of our plugins immediately thought the site had gotten hacked – imagine how our clients, mostly older, non-tech savvy guys – will react to this. I never got a notice warning me about this extra security measure, so I’m pretty steamed. Thanks, @axs for pointing me in this direction!
Thread Starter
dpmey
(@dpmey)
I thought we had been hacked. I ran every scan I could find and all came out clean. This is a membership site so to have this is not cool. It looks like its been hacked. Like you said it would have been nice to have notice. Site is back working with the extra login in. Thanks dot easy for the communication that you were going to do it.
Thread Starter
dpmey
(@dpmey)
Thanks for everyones help!!
I’ve been tearing my hair out with this all afternoon, but finally solved it by renaming wp-login.php to wp-login2.php and then adding the following to my theme’s functions.php
//// Change Login URL
add_filter('site_url', 'wplogin_filter', 10, 3);
function wplogin_filter( $url, $path, $orig_scheme )
{
$old = array( "/(wp-login\.php)/");
$new = array( "wp-login2.php");
return preg_replace( $old, $new, $url, 1);
}
I hope this helps someone!
Dear mlmultimedia,
it has helped me a lot, avoiding starting tearing my hair 🙂 .
Thank you.
