Daniel Convissor
Forum Replies Created
-
Forum: Plugins
In reply to: [Login Security Solution] Change All Passwords does not seem to workIt does not require the person pressing the button to change their password. This is a common question. I’ve updated the text in the user interface to say so. It will show up in the 0.38.0 release. Thanks!
Forum: Plugins
In reply to: [Login Security Solution] QuestionI don’t know.
Forum: Plugins
In reply to: [Login Security Solution] Login BugThat’s annoying. I modified the login code a bit in the 0.37.0 release. I think this should fix the problem. Please reopen this thread if it does not.
Forum: Plugins
In reply to: [Login Security Solution] Italian translationSee the files in my plugin’s
languagesdirectory.Forum: Plugins
In reply to: [Login Security Solution] Statistical informationAnother user has posted a contribution toward that: http://wordpress.org/support/topic/feature-suggestion-6. I haven’t had a moment to look at it. Let me know how that is.
Forum: Plugins
In reply to: [Login Security Solution] This plug in ask for login 2 timesThat’s weird. I’ve never experienced that problem. Please upgrade to 0.37.0 and try again. If the problem persists, please edit my plugin to uncomment the log lines. (Do that by removing the triple hash comments:
###.) Then try logging in again. Please keep me posted.Forum: Plugins
In reply to: [Login Security Solution] Password Reset after UpgradeThat’s unrelated to upgrading. Perhaps it was coincidental to an attack being underway. Did you get an email saying such?
Dan: Have you had a chance to debug what’s going on? Thanks, –Dan
Thanks mehtuus.
Forum: Plugins
In reply to: [Login Security Solution] Blackberry App login failures not loggedVersion 0.37.0, released a few minutes ago, now monitors XML-RPC requests! Thank you so much for bringing this to my attention. Sorry it took so long to fix. It required a major rewrite of the plugin and I don’t have much free time.
Forum: Plugins
In reply to: [Login Security Solution] Feature SuggestionSorry I haven’t had a chance to look at your code yet. Just plugged a significant hole which required a major rewrite of the plugin, and been very busy in general. I look forward to seeing it.
Closing for lack of feedback.
Forum: Plugins
In reply to: [Login Security Solution] wp-login.php gives error after mistyped/bad loginVersion 0.37.0, released a moment ago, should fix this problem.
Forum: Plugins
In reply to: [Login Security Solution] [Plugin: Login Security Solution] NOT RECOMMENDEDI assume P3air is talking about login attempts from XML-RPC requests. Version 0.37.0, released a moment ago, now monitors those. This hole was recently brought to my attention by another user. It could have been fixed months ago if P3air was more forthcoming. Oh, well.
Forum: Plugins
In reply to: [Login Security Solution] Question about resetting passwordsWhat happens if the hacker continues to attempt to login to WordPress using my login id and incorrect passwords? I can see the hacker effectively blocking me from logging in to WordPress because I’m repeatedly having to reset my password, due to the _hacker’s_ failed login attempts.
Whenever you update your profile or reset your password, Login Security Solution stores your IP address to a white list. When someone successfully logs in during an attack, LSS checks the current user’s IP address. If the IP has not been part of the attack and is in the white list, you’ll be let through as a normal log in. The password reset step is used when the current IP isn’t in the white list (or matches one of the attacking addresses).
If a hacker attempts to login to WordPress using my id and the incorrect password, why am I eventually required to reset my password at all?
Because what if the attacker made a lucky guess? You’d have a real problem on your hands. So LSS uses the password reset process to verify the identity of people coming in from IP’s not in the white list.
Hope this clears things up. Let me know if you have any further questions.