Support » Plugin: Shield Security - Smart Bot Blocking & Intrusion Prevention Security » Today's Update (Oct. 23rd, 2015) Locked me Out

  • When the plugin updated today it locked me out of my wp account on my hosting plan and insists I don’t have a wpfirewall user login.

    Somehow, it’s managed to load a login from my wordpress.com days – many years before this – and one I’ve never used to login here. I assume that’s a wp issue somehow.

    But the firewall will not accept the login I use for this wordpress installation.

    Currently I’ve had to rename the plugin so it’s “off” and I can login, but I don’t know how to change the firewall settings with it off.

    I use cloudflare, which was set to development mode (or off) before I logged into my wp account, so it’s not likely related to that which is the only time I’ve had a login issue for this installation of wp.

    https://wordpress.org/plugins/wp-simple-firewall/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter GraceyS

    (@graceys)

    Also just to note before someone asks, I did not set up a specific user ID for the firewall since I’m the only user on the entire account. I never entered an admin name or password for that function.

    Thread Starter GraceyS

    (@graceys)

    I really need some help with this please. This has been a great plugin up until a recent automatic update.

    Yes, I have already read through the pages related to being locked out. NO, they do not answer this nor do any of the fixes work.

    https://icontrolwp.freshdesk.com/support/solutions/articles/3000000959-i-m-locked-out-of-my-own-site-

    and

    https://icontrolwp.freshdesk.com/support/solutions/articles/3000017219-help-i-can-t-remember-my-admin-access-restriction-key

    1. I NEVER enabled this feature, yet there is a key of some sort sitting in the “key box” on this feature page in the plugin.

    2. I’ve followed the instructions to upload the forceOff file. This has allowed me to check the settings page in the plugin. (you can’t do that if you simply rename the plugin’s folder since the settings aren’t available that way).

    I took a screenshot of the settings on the page for the WordPress Security Admin in the WP Simple Firewall. This is not set to on.

    http://myorilliamommy.blogspot.ca/2015/11/simplefw.html

    However, whenever I enable or activate this plugin, it is kicking me right out of my WP admin panel before I can do anything else, and the message it’s giving me is that I don’t have an admin access key.

    What else would this relate to if not this page in the plugin?

    I really would like to get this sorted out please. This has been one of my favourite plugins, and I’d hate to have to use some other security plugin.

    I don’t want to have to turn this off in my cPanel file system every time I want to update my site.

    Is there some way to edit the code for simple firewall to remove this feature totally?

    Thread Starter GraceyS

    (@graceys)

    I also think the issue I am encountering is quite similar to the one described in this thread:

    https://wordpress.org/support/topic/login-chrome-and-admin-access-key-broken-in-4110?replies=5

    And I also use Chrome.

    Plugin Author Paul

    (@paultgoodchild)

    sorry about the trouble here and for not getting back to you sooner.

    I can’t view that screenshot – only invited people can see that. Try something like Jing where you can upload your screenshots to a public url:
    https://www.techsmith.com/jing.html

    I’m confused about the error messages you’re seeing. You said:

    However, whenever I enable or activate this plugin, it is kicking me right out of my WP admin panel before I can do anything else, and the message it’s giving me is that I don’t have an admin access key.

    Are you saying you’re being kicked back to the WordPress login screen and the error message is pertaining to your admin access key? Can you quote the exact error message you’re seeing please? A screenshot would be great. (Security Admin Access should never kick you out of WP)

    Could you also confirm for me whether or not the “Security Admin” module is enabled? Click on ‘Security Admin’ and take a screenshot of that page (while your forceOff is in place).

    Could you try deactivating the plugin, uninstalling it, and reinstalling it from WordPress.org? It’s possible the update wasn’t completed properly by WordPress and you have inconsistent files.

    The more I can see of your plugin configuration, the better and getting exact error messages helps me to pin-point the problem.

    Thanks! And sorry for the delay again…

    Thread Starter GraceyS

    (@graceys)

    Sorry about the screenshot. I make that blog private because I only use it for uploading stuff. I did make it public in case you need to see it.

    [Are you saying you’re being kicked back to the WordPress login screen and the error message is pertaining to your admin access key? Can you quote the exact error message you’re seeing please? A screenshot would be great. (Security Admin Access should never kick you out of WP)]

    Yes, that’s exactly what was happening. I don’t recall and can’t get the error message, but it was basically something like “you don’t have a valid access key for simple firewall – enter key”. Which I had not turned on, though there was a key in the box that you would enter a key in. I’m not exactly sure where it was getting the key from. It was from one of the 2 installations I have. (had the same error on the other install, and just had to delete the firewall. Using another currently which I really hate.)

    In the intervening time this morning after having read the issue in the other thread, I got to thinking about it, and about wp in general.

    I’ve had several accounts over the years – still have several sites on wp.com. The login for any wordpress site I try to access automatically comes up with the login for the free hosted sites. I clear it, and enter my one for either of these 2 installs, and it won’t take it. I have to login from my back-end to make my new passwords for my new installs work.

    Sorry, I know that’s a bit out of the firewall issue but it might be related. The “sticky” business, I guess.

    Several times I’ve had to use the myPHPAdmin folder on CPanel to actually be able to login to either of these new wp installations. Part of this is due to cloudflare, which I now disable before logging in.

    Cloudflare was disabled when the issue happened with the plugin kicking me out.

    But I wondered if some of those old passwords were still sitting in Chrome, even though I clean out my cookies using CCleaner fairly regularly.

    I went through Chrome and deleted a bunch of old passwords, only retaining the current ones for anything wp.

    Then I restarted my browser and logged into my site file manager and deleted the forceOff file from the firewall plugin.

    I’ve been able to login without being kicked off twice.

    I think it might be an issue with Chrome’s ability to store old cookies and logins almost forever.

    I haven’t taken the same steps with the other site using the different security plugin, but either later tonight or tomorrow (on my way to cataract surgery this morning) I’ll reinstall simple firewall and see if it kicks me out or not. If it does, I’ll grab a screenshot and let you know.

    Is there anything else you need if it kicks me off? Something I can access through file manager?

    Plugin Author Paul

    (@paultgoodchild)

    All I need is the exact error messages, what features are enabled, and what actions exactly you took that precipitated the problem.

    The Admin Access key will never log you out of WordPress – there is no code pertaining directly to the admin access key and login/logout error code. My feeling is that there’s a mixup here with error messages and where you’ve read them…. it’s easily done!

    Next time you see the error, copy it exactly and send it along with all the details you can.

    Thanks! 🙂

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Today's Update (Oct. 23rd, 2015) Locked me Out’ is closed to new replies.