Does not work with the login form at checkout-time, just as the hidden fields are not there, even if they actually are.
WordPress version: “latest” (5.3.2)
WooCommerce version: “latest” (3.8.1)
Security-Protection version: “latest” (2.3)
Actual generated code in the login form at WooCommerce checkout:
<form class="woocommerce-form woocommerce-form-login login" method="post" style="display:none;">
<p>If you have shopped with us before, please enter your details below. If you are a new customer, please proceed to the Billing section.</p>
<p class="form-row form-row-first">
<label for="username">Username or email <span class="required">*</span></label>
<input type="text" class="input-text" name="username" id="username" autocomplete="username" />
</p>
<p class="form-row form-row-last">
<label for="password">Password <span class="required">*</span></label>
<input class="input-text" type="password" name="password" id="password" autocomplete="current-password" />
</p>
<div class="clear"></div>
<p class="secprot-group secprot-group-code"><label>Copy this code "<span class="secprot-answer">asd321</span>" and paste it into input: <br /><input type="text" name="secprot-code" class="secprot-control secprot-control-code" value="2.3" /></label></p>
<p class="secprot-group secprot-group-empty" style="display: none;"><label>Leave this field empty: <br /><input type="text" name="secprot-empty-email-url-website" class="secprot-control secprot-control-empty" value="" /></label></p>
<p class="form-row">
<label class="woocommerce-form__label woocommerce-form__label-for-checkbox woocommerce-form-login__rememberme">
<input class="woocommerce-form__input woocommerce-form__input-checkbox" name="rememberme" type="checkbox" id="rememberme" value="forever" /> <span>Remember me</span>
</label>
<input type="hidden" id="woocommerce-login-nonce" name="woocommerce-login-nonce" value="e8ae04ad07" /><input type="hidden" name="_wp_http_referer" value="/shop/checkout/" /> <input type="hidden" name="redirect" value="https://www.wewant2live.com/shop/checkout/" />
<button type="submit" class="woocommerce-button button woocommerce-form-login__submit" name="login" value="Login">Login</button>
</p>
<p class="lost_password">
<a href="https://www.wewant2live.com/shop/my-account/lost-password/">Lost your password?</a>
</p>
<div class="clear"></div>
</form>Expected result: getting logged in, without leaving the shop’s checkout page
Actual result: getting redirected to wp-login.php, losing the cart after logged in
Hello,
Is it possible to correct the plugin to be compatible with the login widget coming with s2Member Pro (you can find s2Member Pro on GitHub to be able to test) ?
For now, the users have to login twice (login widget redirects to /wp-login.php, where the login works as expected)..
Great protection against brute force logins and sign-ups..
/PeO
]]>This plugin blocks an other plugin used for members to connect.
This plugin is “zM Ajax Login & Register”
Is this issue known ?
Do you know some other similar plugin i can use for members registration ?
Thank you!
Mathieu.
]]>Hi guys,
since the last update users can only login by typing the additional asd321 code and get the message “Copy this code “asd321″ and paste it into input:”. Before the update this field were hidden as described in the documentation.
We use a different login url (Plugin: Rename wp-login.php), like:
https://urlofwebside/customstringasloginurl
but had no problems until we did the last sec-prod-update.
We had no other changes on the webside except some new blogposts.
We use no widget for the login page.
I use the plugin in the same combination (custom login url) on other websides and there are no such problems appearing.
Do you know what happened?
Thanks in advance.
mayschje
]]>Hello Webvitaly, I like your plugin very much!
There is a conflict with Woocommerce and Security Protection: returning customers are redirected to WP Admin login page after entering their username and password. Because I have blocked my WP login page from all but my own IP address (htaccess script), my returning customers cannot login from “My Account” or from Checkout page. They see a 301 error.
I have verified that the htaccess script is not causing this problem.
Thank you!
]]>I am having problems logging into my website (https://www.principledpolicy.com) using Sidebar Login when Security-protection is enabled. I can login using the built-in login on the theme I use (Carrington). I have tried it with other themes as well. When I disable Security-protection I can again log in using the Sidebar Login.
I am using WordPress 4.1
]]>Hi,
When I tried to reset a password, I enter the email address and I get this error message and I can’t follow the reset process :
Security-protection plugin: Reset password error: wrong code; field should be empty;
Thanks for your help,
Guillaume
]]>Hello Vitaly,
thanks for great plugin.
Would you consider expanding the usability of the plugin so it also works with BuddyPress registration form?
]]>Hi,
I don’t use wordpress default login url such as login.php or wp-admin… Is that a problem ? Is your plugin working whatever are the logins URL ?
Thank you
]]>Hello,
thanks for your work – just want to report that there seems to be new brute force procedures out there that are reporting many failed logins. They went away instantly after installing Security-protection, but after some time, the scammers have found a way to recognize it perhaps.
]]>Hi
would this plugin stop a XMLRPC.php attack ?
]]>Hi dear,
you say that there is no captcha but when I activate your plugin on my login widget appear a code that need to be enter by the user. The cose is always the same asd321.
Is it possible to avoid this?
thanks.
kash
Hi,
I installed this plugin to one of my clients’ site to add more protection several months ago. But, unfortunately, it conflicts with one of the plugins that installed on this site, users can’t log into the site like used to be.
This site has front end login plugin installed and users used widget login form to enter the site and stay in the front end all the time, they will not get into or through the WP back end. But adding on this plugin, users can’t login from front end anymore, it will redirect to the back end WP default login form, even the user entered the correct login info. from front, it still goes to back and need to reenter the login info. and then it will take user to the back end WP profile page instead of going back to the front HOME page.
At the beginning I did not figure out what’s going on until I deactivated all the plugins that installed and reactivated one by one, and then found out that “Security-protection” is the one to cause this issue.
Security-protection is a great plugin, please make it compatible with others. We appreciate your hard working and thank you so much for making such wonderful plugin.
]]>Hi, I was looking at plugins to mitigate against brute force login attacks and see your plugin is up-to-date, great!
What I wanted to know is whether its protects against the two following items (like the “Limit Login Attempts/” plugin):
– login attempts through the login page
– attempts to log in using auth cookies in same way.
Also, how else does it differ from the “Limit Login Attempts/” plugin?
Thanks, I look forward to your response.
Kevin
]]>Entry Processes 30 of 30 – occupied. CPU running up to 100%
Shared environment.
I’m in the middle of a major botnet attack (24 hours, every 1 minute – blocked one ip after second attempt) targeting one blog. I do have Limit Login plugin and according to it, since the activation of
Security-protection plugin, the attack has stopped.
However, the resources usage is ridiculous. I’m not 100% sure its because of your plugin, but it seems like it is.
]]>The plugin is working very well. It completely stopped all the fake registrations and spam attempts on one of my websites.
Thank you! ??
]]>I’ve installed the plugin and I’ve got the same amount of login attempts from unautorized users…
]]>Hello dear
I like me know it the plugin is Wordfence compatible and caching plugins compatible
Thanks for support
]]>