Daniel Convissor
Forum Replies Created
-
Forum: Plugins
In reply to: [Login Security Solution] Login password required twice before workingDo you have any more details?
Robypre:
The editor being unable to log in could be because you turned on the “Disable logins from users who are not administrators and disable posting of comments” option. Did you turn that on at some point, perhaps by mistake or not knowing what it did? When that option is on, users will see a message saying “The site is undergoing maintenance. Please try again later.”
As far as not being able to change the settings, the only idea I have maybe your installation is set up as a multisite network and you’re logged in as a regular admin, not a network admin. Beyond that, you’ll have to track down exactly what’s going on and/or provide more details.
–Dan
Forum: Plugins
In reply to: [Login Security Solution] [Plugin: Login Security Solution] NOT RECOMMENDEDSo Apple, Twitter and the New York Times recently explained to the public that they’ve had security problems and what happened. But P3ear is too important to provide accurate information.
Forum: Plugins
In reply to: [Login Security Solution] Conflict with 'Better WP security' pluginHi Dan:
This is covered in the FAQ:
http://wordpress.org/extend/plugins/login-security-solution/faq/–Dan
Hi Dan:
That’s odd. My
redirect_to_login()method useswp_login_url()to generate the URI, which is the “right” way for me to do this. Perhaps some of your code or that of a plugin or template you’re using has alogin_urlfilter hook that changes the destination?–Dan
Forum: Plugins
In reply to: [Login Security Solution] Feature suggestion and delay vs block rehashHi Frisco:
LSS is operating the way I feel is optimal. Having the monitoring software filter out wp-login.php is the way to go here.
The 15 second apart thing has to do with the attacks being made by automated software that can run multiple threads and/or abort and retry if the reply is not timely.
I have no plans to create a blacklists, sorry.
Thanks for the feedback,
–Dan
Forum: Plugins
In reply to: [Login Security Solution] Feature suggestion and delay vs block rehashHey Frisco:
Your monitoring software shouldn’t be experiencing slowdowns.
The slowdowns only impact login attempts. Is the monitor trying to log in? Is it sending auth cookies? Is it doing so using IP addresses (perhaps due to proxies for your servers) or user names that the attackers are using?
Thanks for the kinds words.
–Dan
Forum: Plugins
In reply to: [Login Security Solution] Login password required twice before workingI haven’t heard any reports of this happening to other people and I don’t know what the problem could be. If you track it down, please let me know.
@robypre: Do you have any further insights?
Forum: Plugins
In reply to: [Login Security Solution] Attack Happening NotificationPlease see the “Full IP address” thread in the Login Security Solution forums:
http://wordpress.org/support/topic/full-ip-addressForum: Plugins
In reply to: [Login Security Solution] Full IP addressIt’s in the
<prefix>_login_security_solution_failtable.Forum: Plugins
In reply to: [Login Security Solution] Full IP addressIt’s in the
<prefix>_login_security_solution_failtable.Forum: Plugins
In reply to: [Login Security Solution] Back to BasicsThis section of the forums is for people seeking help with the Login Security Solution plugin. It seems you need to seek support in another section of the website. Good luck.
Forum: Plugins
In reply to: [Login Security Solution] I just installed this, now I can't get in myself!Either you or someone on your team turned on the maintenance mode. It’s not on by default. Maintenance mode lets users log in via any account that has administrator level privileges.
Hi Tom:
I modified the plugin to ignore failed cookie auth attempts if the username or password hash are empty. This is in version 0.35.0 that just came out.
Thanks for the excellent research.
–Dan