Jelena
Forum Replies Created
-
Hi,
This message is related to the Security Admin and generates if you’re not putting in password into both fields.
Have you tried using another browser and see how it works?
It’s possible that the browser or other addon may pre-fill a password in a form. You’ll have to probably tweak its settings to not to do that on your WP admin area.
Hope this helps.
Jelena
Hi,
Can you tell us if this is a once-off, or is it repeating error, please?
Also, it’s worth reinstalling Shield to ensure nothing is broken there.
Thanks.
Jelena
Hi Hassan,
I think there is a plugin conflict between SmartCrawl and Yoast SEO plugin.
You can try enabling Yoast SEO, and then enable:
Page Analysis option; or
Readability Analysis option;
or both.You’ll get a broken Posts page:
https://www.screencast.com/t/4ivb4vEqEB0No console errors.
If you disable SmartCrawl completely and have only Yoast SEO enabled, or vice versa, Posts page loads correctly.
Hope this was helpful for you in some way.
Regards,
Jelena
Forum: Fixing WordPress
In reply to: Editor role can’t login (wp-admin) on the backend of the siteHi,
If you’re getting warning about the critical error on your site, it’s likely plugin or theme that is causing this.
You can check your emails for the error details. Email is sent to your site admin email address, and the email subject is:
Your Site is Experiencing a Technical IssueLook for this email. It’ll tell you what exact plugin/theme is causing this and error details.
If you haven’t received this email, you can then
1) Disable the all plugins you have on your site at the same time. And then test to see if that works.
If it works, then enable 1 plugin at a time and test to see which one is causing the problem.
Once you find it, you can reach out the plugin author and let them know about the problem.
2) If it’s not about the plugin, then you can do the same with your themes.
Hope this helps in some way.
Good luck!
Hi,
Thanks for the update.
You’re not affected because you have whitelisted your IP.
The checkbox in-question here is a checkbox that is automatically inserted into the WordPress login form. (“I’m a human” checkbox)
Shield is founded on using standard WordPress API/hooks/filters. If you are using a custom login form that doesn’t use these standards, then it’s possible that the form doesn’t fire the necessary WordPress hook that allows us to insert the checkbox.
Since you’re using a custom login form, this is why this checkbox isn’t present.
You have 2 options:
1) Turn off the Bot Protection option within the Login Guard module since your custom login form doesn’t support it
https://www.screencast.com/t/GlUUv1v5h2) Or, don’t use a custom login plugin/theme or use one that supports standard WordPress login hooks.
Hope this helps.
Hi,
Firstly, happy to hear that you like Shield. π
Thanks for being so very cooperative and for providing additional info about the problem.
The audit trail entry you provided for this user is telling us the following:
1) 1st login attempt failed. User did not check the “I’m a human” checkbox. This triggered Shield offense.
2) 2nd login attempt: He checked the checkbox and managed to login successfully.
What you could try doing is set the Failed Login to “log” instead of incrementing offenses, until you can fully ascertain what’s happening so folk don’t get blocked.
https://www.screencast.com/t/JP1fxS8gg
Maybe they forget to check this bot checkbox, or maybe it isn’t showing for them at some point. You’ll need to investigate this…404 detected at β/pm_login/tact.gifβ
means that user tried to load a non-existent page.You can set this block to “log” only as well (if not already).
https://www.screencast.com/t/z4a1SW8kDz
This will ensure that your users are not get blocked when they hit the 404s.
You can also review this page, because this can be a non-existent page or legitimate link on your site that is 404.Hope this helps.
We’ll be here for any further help you may need.
Thanks.
Hi,
Sorry to hear about the trouble you’re having. We’re here to help, however we can.
Whenever you or your users are getting blocked by Shield, best is to review your audit trail. It’ll tell you what exactly have happened, and you’ll know the possible reason of the block. Then, you can resolve the problem easily.
This is how to use audit trail:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000070244Please feel free to pick up one of the IP addresses of the users that are getting blocked, filter audit trail logs by that IP address and let us know what results you get. It would be great if you could provide a screenshot.
This is an example screenshot (logs filtered by IP and audit log results for this IP):
https://www.screencast.com/t/fj6AkDkCMThanks.
Hi,
Please find below answers to your questions.
1) Google Authenticator (GA)
When you enable GA 2FA, the next step is to set it up for your user account (through your Profile page).
If you’ve had GA set for your profile in the past (on your old phone), you’ll not be able to see GA option on your Profile page. The reason for this is that GA is already set and you can use it.
To setup GA for your new phone, please remove GA first from your account (Profile page), and this is how to do that:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000058935Then, you can set it up for your new phone (scan the QR code, etc.), and this is how to do that:
https://icontrolwp.freshdesk.com/support/solutions/articles/30000475402) Setting stikethroughs now for some of the options
This means that these modules are completely disabled. You’ll need to enable them, for example, this is how to enable Block Bad IPs/Visitors module:
https://www.screencast.com/t/FddbS4hkHope this helps.
Thanks.
Hi,
Thank you very much for your your valuable feedback.
Your suggestion has been added to our list of requests for consideration here:
https://shieldsecurity.nolt.io/69We appreciate your time and please donβt hesitate to share your thoughts in the future. We’d be more than happy to hear from you.
Thanks.
Hi,
We appreciate the feedback and suggestion with this.
We’ll look at how we can improve this. We’ll have a think on it and consider the best way forward.
Many thanks and may we wish you a nice Sunday! π
Hi,
Sorry to hear about the trouble you’re having.
Whenever you get blocked/locked out as a result of Shield, you can use a “forceoff” file to get back in. Forceoff will keep Shield active, allowing you to get back in and change settings.
To forceoff, please follow the steps outlined in this guide here:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000000959Once you get back in, you can go to the IP Lists section and remove your IP from the blacklist:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000072655Then, you may remove a “forceoff” file.
It would be also good to check your audit trail, to find the problem cause – why you’re getting blocked. Once you find it, you can change the Shield settings.
If you don’t know how to interpret audit trail entries related to blocking, you may send it to us and we’ll interpret it for you.
Hope this helps.
Thanks.
Jelena
Hi,
We’re sorry, but since this isn’t a security issue for the WordPress site, this isn’t something Shield supports blocking.
You will probably need to write some custom code to block requests like this.
Hope this helps in some way…
Thanks.
Okay, thanks for this, Mike.
We’ll keep you posted on this.
Thanks again.
Hi,
Glad to hear that you managed to sort it out.
Whenever you get blocked/locked out as a result of Shield, you can use a forceoff method. This will keep Shield active allowing you to get back in and change the settings.
Regarding “Lock To Location” option…
When you enable this option, a session will be restricted to the same IP address as when you logged in. If your logged in IP address changes, the session will be invalidated and you’ll be forced to re-login. You’ll get a warning:
βYour session was locked to another IP Address.
Please login again.βSo, if you want to use this option but not being logged out, ensure that your logged in IP address doesn’t change.
We also recommend you to read little bit about Shield’s user sessions here:
https://www.icontrolwp.com/blog/user-sessions-whos-logged-wordpress/Hope this helps.
Thanks.
Hi Mike,
Thanks for letting me know that you’re using the free version of Shield.
Can you share the URLs of these 2 plugins here sow we can take a look, please?
Many thanks for your help.