Max Simultaneous Logins

  • Resolved darrenchu

    (@darrenchu)


    6 years, 3 months ago

    Hi,
    First off, thanks to all the volunteers who are tirelessly helping answer questions in this forum, and a big thank you to the developers who made S2member possible.

    In the past few months, a premium member (and some free members in the past few weeks) on my website have been frequently denied access to the website after attempting to login. The error message is as follows:

    Maximum simultaneous logins for username xxx
    Please wait 30min and try again

    After logging in as admin I locate the premium user profile with the issue, reset IP restrictions and logged the user out of all locations, and still no avail.

    I also went into my S2member pro settings, relaxing all settings around Brute Force/IP login restrictions, Unique IP restrictions, and Simultaneous login restrictions. I’ve reset all of the associated logs as well.

    Initially, I thought as well that perhaps there was interference from other security plugins, so I deactivated the ones that detect for registration spam to see if they were triggering the problem.

    The only temporary workaround appeared to be deactivating S2member, and logging in with the problematic user account. Upon reactivation, S2member trips up on the login again with the same error…

    To clarify, my administrative login doesn’t appear to be affected.

    Looking forward to any ideas, and thanks in advance.

    Darren

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Cristián Lávaque

    (@clavaque)

    6 years, 3 months ago

    Hi Darren.

    Sorry for not noticing your question sooner.

    I see you already tried the first things that came to mind to suggest.

    Are you getting this with only some few random users, or generally with everyone? Can you find a common denominator between them? Did you figure out the steps to reproduce the behavior?

    After the 30 mins ban, are they able to login, or they just don’t recover access at all? Are they still not able to login after you reset the restriction, or they do but then trigger it again on next login?

    I look forward to your update. 🙂

    Thread Starter darrenchu

    (@darrenchu)

    6 years, 3 months ago

    Hi Cristian,
    Tks for the follow-up.

    I had to deactivate all of the plugins that handle spam registrations, and this eventually eliminated the false positives that were preventing legitimate logins.

    The conflicting plugins that you may want to test with S2member are:

    Astounding Spam Prevention
    WP-SpamShield
    WP Cerber Security, Antispam & Malware Scan

    It’d be fantastic if I could use one of the above as the spam registrations are out of control.

    Thanks in advance!
    Darren

    Thread Starter darrenchu

    (@darrenchu)

    6 years, 3 months ago

    Actually, in my list of spam-prevention plugins above, there’s probably little reason to look into WP-SpamShield.

    The plugin website provided (https://www.redsandmarketing.com/plugins/wp-spamshield/) no longer loads up for me (and this appears to have been the case for at least half a year.

    Darren

    Plugin Author Cristián Lávaque

    (@clavaque)

    6 years, 3 months ago

    Thank you very much for the update and feedback, Darren! 🙂

    peoy

    (@peoy)

    6 years, 3 months ago

    @darrenchu to prevent bot-signups and brute force login attempts by bots, I use “Security Protection” by webvitaly:
    https://wordpress.org/plugins/security-protection/

    It’s a bit old, but works pretty well. As the login widget in s2Member is not fully compatible with this plugin (request to fix this for some future version of s2Member ?), on every update of s2Member, I have to add one lines of code to the login widget php file:

    https://wordpress.org/support/topic/nag-advertising-for-mailoptin/#post-11054558

    Since s2Member is almost abandoned, this will need to be redone at maximum one time a year, and since “Security Protection” has not been updated in 4 years, the update to that file should be considered a one-time task.

    [if not modifying the files, login will not work from the widget, and you will be redirected to wp-login.php]

    • This reply was modified 6 years, 3 months ago by peoy.
    peoy

    (@peoy)

    6 years, 3 months ago

    @clavaque Got that same problem with one of my protected user accounts yesterday (or actually a few days ago).

    First, reasonable or not, the block for monthly limit of different IP-addresses was triggered. I cleared the log (+ ran my own script to remove all entries in wp_options containing “%_transient_%_s2m_ipr_%”).
    Then the above error appeared, “Maximum simultaneous logins for username”. I cleared the IP log for that user (in the s2Member section of the user’s info), and he still got the same message.

    This user was using the tor browser and a VPN connection, so just a “user error”, but probably easy to reconstruct. I haven’t heard anything new from him since I told him to wait the 30 minutes before the next attempt to log in.

    It looks like “Reset IP restrictions” doesn’t do its job completely.

    • This reply was modified 6 years, 3 months ago by peoy.
    • This reply was modified 6 years, 3 months ago by peoy.
    Thread Starter darrenchu

    (@darrenchu)

    6 years, 3 months ago

    Thanks for the suggestion Peoy!
    I think I’ll manually delete the spam registrations for now, but am about to try troubleshooting around the false positives (where legitimate members get denied login access) from using Astounding Spam Prevention, by activating a log file and seeing what happens when legitimate members try logging in.

    Hopefully S2Member doesn’t get abandoned. So much work went into it, and it does the job so well for so many things.

    Darren

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Max Simultaneous Logins’ is closed to new replies.