xarain
Forum Replies Created
-
Forum: Plugins
In reply to: [WP Content Security Plugin] Insecure Script-src and Style-srci dont think there is any ‘quick’ way around this given that word press core requires the use of inline scripts to work.
Instead, you need to use the hash-value and proceed to white-list each of them.Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Password PoliciesThanks for the clarification.
Look forward to this potential future enhancement.Hiya,
Quite a number of differences given that they run different themes and plugins.
Hence am i the only one so far that seems to have a problem with the brute force cookie method after this update?Thanks.
Ok the rename login function works now.
Back to the original question, so what about brute force cookie prevention method? or is that no longer recommended and i should switch to ‘rename login’ function? Thanks.
Hi mbrsolution!
1. Cleared my cache and I am using Google Incognito browser to simulate.
2. No such caching plugin that i am aware off. Have also purged the server cache just to be sure.Thanks!
Update: The Rename login page does not work all the time.
The Admin Login Page will load once you use the “secret url”. However, after typing in my credentials, i get this error which says ” ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress. ”
To get around this, i replace the “secret URL” above with /wp-admin/ and add “https” at the start. Only once this step is completed i will then be logged into the site.
Hope this helps with the bug report.
Yup, using the rename login page method works.
But here is the tricky part. I have 2 other sites who are running the latest version of All in One Security and the cookie method still work so i am quite puzzled over what is happening. Thanks!
Hi!
I have the same problem. After applying this update the function of “Cookie Brute Force Prevention” is no longer working. When i type in the secret word, i still get redirected.
(e.g. https://mywordpresssite.com/?Secretkey=10 )I didn’t yet apply this new AIO update to my other sites hence i did not notice the problem there yet!
Hope this helps!
Forum: Plugins
In reply to: [Clef Two-Factor Authentication] WP Admin Page with CLEFHi Laurence,
Sorry for my long winded posted. Basically what i am trying to say is If i found another site using CLEF and if i used my CLEF WAVE, while it rejects my login the login page (ID/PWD) will be shown to me which to me makes it less secure (kinda like guessing the backdoor URL address to login via ID/PWD)