Support » Plugin: WPScan - WordPress Security Scanner » NEW” Weak Passwords” security check is not working

  • Resolved Panos

    (@xpanos)


    After updating to the new version 1.14 and trying to run the new “Weak Passwords” security check, running it as a separate check from the Action session, the test seems to never end, however many times we run it. After refreshing the tab in order to try to re-run it, it seems that it never happened, with the message next to it “Not checked yet. Click the Run button to run a scan”. Trying again to re-run it, it seems it's in a loop and the test never ends.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author ethicalhack3r

    (@ethicalhack3r)

    Thanks for the report!

    Can you confirm how many users you have please?

    We check the passwords of the following users roles:

    administrator, editor, author, contributor

    Thread Starter Panos

    (@xpanos)

    Only one. The administrator. The site is on air and not in offline mode.

    Instead of that, after checking our emails, the Wordfence plugin found out that there were many login tries with our admin username (to mention that it's not ‘admin’ or something easy to find) and that our security plugin will block our admin user from logging in for some hours. Checking our live traffic, or in other ways, for a compromise, there is none, and there was no try to log in, not from a human or a bot. Our thinking keeps coming back to that, and we think that when we run this test (the Weak Password security check) this problem with attempted login tries happens because of that.

    Thread Starter Panos

    (@xpanos)

    Of course, to mention that this only user (admin) already has a strong password, and we use 2FA authentication as an extra precaution, which is provided by the Wordfence plugin.

    Plugin Author ethicalhack3r

    (@ethicalhack3r)

    Ah, the weak password check actually works like a brute force attack under the hood. We didn’t think that it would trigger any brute force protection mechanisms from third-party plugins.

    We’ll have a look into it, and hopefully have a fix sometime later tonight.

    Sorry for the inconvenience!

    Thread Starter Panos

    (@xpanos)

    That's alright @ethicalhack3r .. You already DO a great job! 🙂

    Thank you for being around! :))

    Plugin Author ethicalhack3r

    (@ethicalhack3r)

    Thank you 🙂

    We have just released version 1.14.1 which should fix your issue.

    Let us know if you have any further issues.

    Thread Starter Panos

    (@xpanos)

    After installing version 1.14.1 the problem is solved. If by problem solved it means that we run the test and get a message “We were not able to brute force the password of any privileged user” 🙂

    Regards

    • This reply was modified 1 year, 4 months ago by Panos.
  • The topic ‘NEW” Weak Passwords” security check is not working’ is closed to new replies.