Daniel Convissor
Forum Replies Created
-
Forum: Plugins
In reply to: [Login Security Solution] LSS and Amazon Elastic BeanstalkPlease read the installation instructions. You can do so either via the readme.txt file in the plugin or at https://wordpress.org/plugins/login-security-solution/installation/
I’m testing on WP 4.4 right now and it works as expected.
Forum: Reviews
In reply to: [Login Security Solution] To secure for my usersThe plugin remembers valid users’ IP addresses when they change their password. There are two ways users would have to redo their passwords more than once:
1) The user is coming from a different IP address
2) You’re behind a load balancer or similar. See the installation instructions on how to resolve that.
Forum: Reviews
In reply to: [Login Security Solution] Message needs to be corrected.Oops! Good catch. Fixed in git repository. Will be in 0.54.0 release. Thanks.
Forum: Plugins
In reply to: [Login Security Solution] US_Layout cannot be empty?That string is not part of Login Security Solution.
Fixed in git. Will be in the 0.54.0 release.
Forum: Plugins
In reply to: [Login Security Solution] Locked OutFor the record, Login Security Solution offers the best brute force detection. It checks for any combination of password, user name or IP range. All of the plugins I’ve examined, including All In One, only looks at the IP address. Over the past couple months, I’ve noticed that attackers have so many bots at their disposal that they use a different IP address for nearly every request.
Real world example… One of my sites got 126 failed login attempts yesterday from 112 different IP addresses. These addresses aren’t even in the same IP range. This particular attacker’s control server picks three likely user names and one password then tells three bots to try one combination. Then it picks another password and has three _other_ bots try those combinations. Rinse and repeat. LSS stopped them. Other plugins don’t.
Closing for lack of reply.
Good point. I’ll batch it.
Forum: Plugins
In reply to: [Login Security Solution] MySQL Character Set latin1_swedish_ciLSS does not set the table’s encoding.
Forum: Plugins
In reply to: [Login Security Solution] How to disable that plugin from SQLThis plugin doesn’t do anything special with how passwords are saved. All the back end stuff is done by WP. This plugin just runs a check on the proposed new password. If LSS doesn’t like the pw, it stops WP from continuing with the save process. If LSS is happy with the pw, WP marches on through it’s regular routine.
FYI, by default, WP uses a complex hashing routine, not MD5.
Forum: Plugins
In reply to: [Login Security Solution] Locked out of siteThis plugin doesn’t touch any .htaccess files. Seems you have some serious problems. Perhaps your site has been compromised via some vulnerability?
Forum: Plugins
In reply to: [Login Security Solution] Users unable to reset their passwords@heller_benjamin: Your problem is coming from some other plugin. Looks like you need to grep (search) your code base for “premium_update_push”
Forum: Plugins
In reply to: [Login Security Solution] Locked OutI have a feeling you’re behind a load balancer. To verify, SSH into your webserver. Invoke the MySQL client (
mysql -u your_sql_user_name -p your_database_name). Then run this query:SELECT ip, COUNT(*) FROM wp_login_security_solution_fail
GROUP BY ip ORDER BY COUNT(*) DESC;If you have only one row (or very few rows) show up, my hunch is right. To rectify that, please read the installation instructions. You can do so either via the readme.txt file in the plugin or at https://wordpress.org/plugins/login-security-solution/installation/
Forum: Plugins
In reply to: [Login Security Solution] IFTTT doesn't workSSH into your webserver. Invoke the MySQL client (
mysql -u your_sql_user_name -p your_database_name). Then run queries against thewp_login_security_solution_failtable to examine what’s going on. I’m guessing that the IFTTT plugin has the wrong user name and/or password.