Daniel Convissor
Forum Replies Created
-
The full IP address has been added in the new 0.43.0 relesae.
Forum: Plugins
In reply to: [Login Security Solution] No IP trackingAre you behind a proxy or load balancer? See step 2 of the installation instructions at http://wordpress.org/plugins/login-security-solution/installation/
Forum: Plugins
In reply to: [Login Security Solution] Brute Force attack IPThe full IP address has been added in the new 0.43.0 relesae. I have no plans at the moment for other layers of blocking.
Forum: Plugins
In reply to: [Login Security Solution] Incomplete IP AddressesThe full IP address has been added in the new 0.43.0 relesae.
Forum: Plugins
In reply to: [Login Security Solution] WP 3.6 (MultiSite) – Cannot change SettingsHi:
I tried 3.6 multisite right now. Saving settings worked fine. Perhaps you’re trying to set values that are do not meet the minimum requirements for the given field?
Upon saving, a message will be shown above the “Login Security Solution Settings” heading. What does the message say when you save?
–Dan
Forum: Plugins
In reply to: [Login Security Solution] Issue with WordPress.com stats (Jetpack)Hi Dose123:
People landed on the home page? That’s odd. The intention of WP’s
wp_login_url()function is generally to redirect users to wp-login.php.Here’s an example of the URL that should be coming out:
wp-login.php?action=retrievepassword&login-security-solution-login-msg-id=pw_forceThat extra stuff after the question mark are cues to the login page to use the password reset layout, plus a clue to my
login_messagefilter to append a message for the user saying their password must be reset.As previously requested, please provide the URL that you get redirected to.
Thanks,
–Dan
Forum: Plugins
In reply to: [Login Security Solution] WP 3.6 (MultiSite) – Cannot change SettingsWhen in multisite mode, settings need to be changed via the Network Settings interface at wp-admin/network/settings.php?page=login-security-solution
That’s navigated to via My Sites | Network Admin | Settings | Login Security Solution.
Forum: Reviews
In reply to: [Login Security Solution] Problems with WordPress.com stats (Jetpack)Hi Dose123:
Thanks for letting me know about the problem. The easy place to report bugs is this plugin’s support threads in WordPress’ forum: http://wordpress.org/support/plugin/login-security-solution
Is it really appropriate to grade a plugin on a bug that hasn’t been reported, involves another plugin (since the bug could be there), and that other plugin actually interacts with a an external web server beyond the local WordPress install where the plugin being graded isn’t even installed?
Anyway, now that we’re here… When Login Security Solution forces the logout, it uses WordPress’
wp_login_url()function to redirect the user. That’s the official way to do things. Can you please tell me the URL that users get redirected to when LSS forces them to log out?Thanks,
–Dan
Forum: Plugins
In reply to: [Login Security Solution] Plugin Rejecting Solid PasswordsIan:
Closing this for lack of response. If you track down a problem with Login Security Solution, please reopen this thread.
Forum: Plugins
In reply to: [Login Security Solution] Issues with WoocommerceWhen you open that ticket, please post a link to it here.
Forum: Plugins
In reply to: [Login Security Solution] Issues with WoocommerceHi:
Looks like a problem with Woocommerce. I examined their code. The source of your problem is that they created their own login and password reset process but that process does not call WordPress’
apply_filter('login_message'). Nor do they useapply_filter('login_errors').This is stuff that needs fixing on Woocommerce’s end. Please open a bug report at https://github.com/woothemes/woocommerce/issues .
In the mean time, it looks like their login messages are handled by the
woocommerce_show_messages()function. That’s defined inwoocommerce-template.phpin a way that lets you override it. So, for example, you can put a betterwoocommerce_show_messages()function in your theme’sfunctions.phpfile.Good luck,
–Dan
Exactly. You’re welcome.
Forum: Plugins
In reply to: [Login Security Solution] Plugin Rejecting Solid PasswordsAny luck, Ian?
Forum: Plugins
In reply to: [Login Security Solution] Locked out of own siteHi Again Tallowood:
I was just looking at the Simple Login Lockdown plugin’s page and noticed the following text:
3. After a certain number of failed attemps (defaults to five), further attemps to access the wp-login.php page are blocked for a time (defaults to one hour).
That sounds exactly like the behavior you’re seeing. And the source code of the plugin calls
wp_die()with a 403 response code.Forum: Plugins
In reply to: [Login Security Solution] Locked out of own siteHi csckauf:
Network IP 0 107.xx
Username 7 xxx
Password MD5 0 xxxThat means someone tried to log into using your your user name seven times. They didn’t get in. The 0 for “Network IP” and “Password MD5” indicates the attacker (or whomever) was coming from a different IP and using a different password than you used to successfully log in. Login Security Solution noticed those prior seven failures and immediately logged you out and is requiring you to reset your password (to ensure you are who you say you are).
Please enter your username or email address. You will receive a link to create a new password via email.
That message is produced by WordPress’ “Lost Password” page. The fact that you didn’t receive an email from WP’s password reset process could be due to several problems (spam filteres, incorrect user name or email address, etc). Login Security Solution is not involved with that process.
Note: If you want to override the password reset requirement, and you have direct access to your database, you can run the following query (adjust the
wp_in the table name to be whatever your$table_prefixis):DELETE FROM wp_usermeta WHERE user_id = <yourID> AND meta_key = 'login-security-solution-pw-force-change';Good luck,
–Dan