Daniel Convissor
Forum Replies Created
-
Hi Tomdkat:
Perhaps the problem you ran into creating a good password is you’re using “leet” speak. So you think the password is “mangled” enough, but it’s really not, since leet conversions are quite common. Part of the plugin’s password strength checks converts leet speak to normal letters and then runs checks on that.
Creating secure passwords isn’t hard and the plugin says what the shortcoming is. Once you pick a good password, you’ll be good to go.
Just to make sure about something, can you please run the following query and post the result back here (or email it to me):
select user_login, ip, count(*)
from wp_login_security_solution_fail
group by user_login, ip
order by user_login, ip;Anyway, to ditch the settings, run these queries:
DROP TABLE wp_login_security_solution_fail;
DELETE FROM wp_options WHERE option_name LIKE ‘login-security-solution%’;
DELETE FROM wp_usermeta WHERE meta_key LIKE ‘login-security-solution%’;Here’s a stab in the dark guess based on the symptoms and problems that have been reported by others… Is your web server behind a proxy? That would cause all hits and login failures to show up as coming from one IP address. That means all login failures count against all users. See the FAQ for how to deal with proxies.
Hi Robypre: Not sure what’s going on with your setup. Maybe it’s a conflict with WP Super Cache? You’ll have to do some debugging to figure it out. Also, it’s highly advisable to upgrade to WP 3.5.1. –Dan
Forum: Plugins
In reply to: [Login Security Solution] Change all passwords reloads – nothing happensThe process sets a flag named
login-security-solution-pw-force-changein theusermetatable for each user _except_ the person who initiates the password reset process (read: you).Forum: Plugins
In reply to: [Login Security Solution] Feature SuggestionI get the impression that most attacks are automated. Also, I don’t want the attacker to know that we’re on to them, so they’ll end up wasting more time.
Forum: Reviews
In reply to: [Login Security Solution] Please get rid of maintenance mode warningHi Frank:
Glad you figured out what was going on. That message is intended for sites with multiple admin users. So when one person sets it so they can do some major site overhauls, the other admins will see the notice and be reminded that they shouldn’t touch anything until the overhaul is done.
With that in mind and your saying “Works very well, love it,” it would be nice if you can bump up your rating from a 3, please.
Hi Mcrawley:
Have you tried it out? I have a feeling it will work fine.
–Dan
Forum: Plugins
In reply to: [Login Security Solution] Question about attack notificationHi Tomdkat:
I have no idea how Simple Login Log works, sorry. You can look at the plugin’s source code to find out or ask in their forum.
Good luck,
–Dan
Forum: Plugins
In reply to: [Login Security Solution] wp-login.php gives error after mistyped/bad loginNo reply. Oh well…
Forum: Plugins
In reply to: [Login Security Solution] You've got a pull requestHey Christian:
Yeah, I saw them. I’ve been busy, sorry. I’ll get them in for the next release, though no promises when that will be. Sorry.
–Dan
Forum: Plugins
In reply to: [Login Security Solution] [Plugin: Login Security Solution] NOT RECOMMENDEDHi P3air: Please email me directly at danielc@analysisandsolutions.com with any specifics you don’t want the general public to see. That’s how all open source projects handle sensitive data regarding security problems. Thanks.
Forum: Plugins
In reply to: [Login Security Solution] Will I have to reset password when travelling?It depends on how your site is being attacked. If they’re going after your specific user name, then yes. If they’re attacking other user names, then you won’t have to worry about it.
Forum: Reviews
In reply to: [Login Security Solution] Please get rid of maintenance mode warningHi Frank:
That message is off by default. You or another admin on your site turned it on. To turn it off, go to Settings | Login Security Solution page, scroll down to the “Misc” section, look at the “Maintenance Mode” option, click the “Off, let all users log in” radio button then click the “Save Changes” button.
–Dan
Forum: Plugins
In reply to: [Login Security Solution] new to plug inThe maintenance notice is not turned on automatically. It was enabled by you or someone on your team. To turn it off, go to the Login Security Solution settings page.
Forum: Plugins
In reply to: [Login Security Solution] wp-login.php gives error after mistyped/bad loginAlmasig:
I’d love to help here, but need your help.
–Dan