Jelena
Forum Replies Created
-
Hi,
Sorry to hear about the trouble you’re having.
When you rename your login page, Shield will respond with a 404 not found when a non-logged-in visitor attempts to access either the login page, or any page under ‘/wp-admin/’. This is because normally, accessing the wp-admin will redirect the visitor to the login page and since it’s hidden, we don’t want to do that automatically.
What we could suggest here is to use a ‘forceoff’ file to get back in and change plugin settings. Please see here how to do this:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000000959Once you’re in, you may go to the Login Guard module => Hide WP Login Page => and remove your new created login url => save. Then, you may remove a ‘forceoff’ file.
It’s also worth of mentioning is that, if you attempt access ‘wp-admin’ but you’re still getting 404 even after logging in. please ensure that you’re running the latest plugin v8.5.6. If that doesn’t help, then you’re probably running into an aggressive caching problem. In that case, you can you try disabling any caching system you have running and attempting it again.
Let us know how you get on and if you have any other questions about this.
Thanks.
- This reply was modified 6 years, 3 months ago by Jelena.
Hi,
You may try to go to the Comment SPAM module => Messages => GASP Checkbox Message => and remove the current message => save changes.
Then, enter the default message
I’m not a spammer.… save.
Let us know if this was helpful for you.
Thanks.
Jelena
Hi,
Thanks for your question.
LearnPress’s already supported with respect to the Login Guard module and its features like reCAPTCHA, bot protection and 2-factor authentication. This is available in the pro version only.
If you need pro support, please feel free to contact us directly here as, per forum rules, we can’t support pro on wp.org forums.
Many thanks for your understanding.
Jelena
- This reply was modified 6 years, 3 months ago by Jelena.
Hi,
Sorry to hear about the trouble you’re having.
This is a firewall block.
When Firewall blocks something on your site, the first thing to do is to go to your Audit Trail and find the Firewall entries (what’s triggering the block).
Then, you may go to Firewall module => Whitelist => and whitelist parameters that’s getting blocked. Please see here how to do this:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000070467Here are some of the firewall block entries in the audit trail and the parameters examples that can be helpful for you:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000079746You can also let Shield to whitelist the parameter automatically. Just click the ‘Whitelist Param’ link for that firewall entry in your audit trail and it’ll be whitelisted for you automatically.
It’s also worth of mentioning that, if you ever get locked out (blacklisted) by Shield, this is how to get back in:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000000959Once you’re in, you may go to the IP Lists section of the Shield Security Dashboard and remove your IP from the blacklist.
Hope this helps.
Thanks.
Jelena
- This reply was modified 6 years, 3 months ago by Jelena.
Hi,
In all likelihood there’s another plugin installed on your site that’s being quite aggressive in enqueuing its own CSS styles all over the WP admin.
Best way to find it is disable each plugin (or theme), 1 at a time, and reload the Shield admin. When it loads normally, you’ve found the problem plugin.
Best thing is to reach out to the problem plugin and ask them to be much more selective about which WP admin pages they’re enqueuing their CSS styles, since they don’t need to force it on every admin page.
Thanks.
Hi,
Thanks for your question.
Security Admin feature is best solution for this. Please see here how to enable it:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000000956Once you have this enabled, you may go to the Security Admin Restriction Zones and turn on the ‘Admin Users’ option. Please see here:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000069761This will restrict access to create/delete/modify other Admin users. Only the admin users that are authenticated with the Security Admin Access key (Security Admins) will have permission to modify, delete or create other admin users.
Hope this helps.
Thanks.
jelena
- This reply was modified 6 years, 4 months ago by Jelena.
Hi,
Thanks for your question.
It would be great if you could let us know what checkbox you’re referring to, please. Is it about “I’m not a spammer.” checkbox or Recaptcha?
Also, do you use any other plugin that might affect this checkbox? Perhaps SG Optimizer plugin?
Many thanks.
Jelena
Okay, great.
Thanks.
Hi Ian,
Sorry for the trouble you’re having.
We responded to the support thread related to this issue a month ago:
https://wordpress.org/support/topic/scans-are-currently-disabled-site-currently-cant-make-http-requests-to-itself/We added this check for being able to send web requests to itself in the Shield scans in order to highlight the potential problem.
If you don’t know why your site can’t make HTTP requests to itself, you may need to discuss this with your host.
So the next place we’d check, is with your webhost to see if they can clarify whether the configuration would be blocking such requests in the first place.
An example is .htaccess rule that block access to a site except from certain IP address, in which case you’ll need to whitelist your server IP.
Hope this helps, Ian.
Regards,
Jelena
Hi Divya,
We’re sorry to hear about the trouble you’re having.
This is an non-critical error that only occurs during the upgrade of the plugin to 8.4.0. It should only have occurred once.
We’ve spotted it and released an update to address the issue.
You may update plugin to the latest v8.4.3 so you don’t see this error anymore.
Thanks.
- This reply was modified 6 years, 5 months ago by Jelena.
Hi Vivienne,
Sorry to hear about the trouble you’re having.
Shield Security Pro supports the Ultimate Member plugin. Are you using Shield Pro on that site?
It’s hard to know what could have caused the problem you’ve described… we’ll need to know how your Shield is configured. especially what Login Protection and User Management modules settings you’re using.
Having said that, you may try to completely disable either of these modules first. After disabling a module that finds the problem, test turning off certain settings one at a time to see what exact option is causing the problem.
Let us know how it went.
Thanks.
Hi George,
Sorry about the trouble you’ve been having.
We’ve added to our latest release (8.2.2) a check that a site can send an HTTP request to itself before allowing scans to run.
In other words, Shield has a check in the Scans section that highlights the scans wont work unless a site can make HTTP requests to itself.
If you don’t know why your site can’t make HTTP requests to itself, you may need to discuss this with your host.
An example is .htaccess rule that block access to a site except from certain IP address, in which case you’ll need to whitelist your server IP.
Thanks.
Jelena
Hi,
Thanks for the update and for sharing this article with us. I’m sure that Shield users will find it very useful. 🙂
Just to point out a few things about the Security Admin feature and it’s importance…
Shield is the only WordPress security plugin with a WordPress-independent security key to protect itself.
One of the most critical aspects to any WordPress security plugin is whether the plugin itself is protected against unauthorized access.
Consider what it means if it isn’t secured – anyone with administrator access to a WordPress site, regardless of whether they are supposed to have it or not, can change your WordPress security features.
Security Admin helps to restrict both accidental and malicious changes to your security policy, and you can be confident in your change management processes that you, or only those that know the authentication key, can and could have changed your settings.
When it’s active, until you authenticate you will not be able to:
– view any Shield plugin settings,
– change any plugin settings,
– deactivate the plugin, or
– uninstall the pluginWe encourage all users of Shield to turn on this feature immediately after installation. This ensures your WordPress security is locked down from the beginning.
If you forget your key you can always turn the whole plugin off using FTP and then delete/create a new access key easily. This is how to do that:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000017219-help-i-can-t-remember-my-security-admin-keyRegards,
Jelena
- This reply was modified 6 years, 7 months ago by Jelena.
Hi Miguel,
We’ve just responded to your support ticket about this. Ticket
#11424.We kindly suggest you to check your email. We await for your response.
Many thanks.
Jelena
Hi,
Just letting you know that we’ve already responded to your support ticket on this matter. Ticket #3206.
Please check your inbox.
Thanks.
Jelena
- This reply was modified 6 years, 8 months ago by Jelena.