I recently stumbled upon an issue I get with my login attempts. I have my options set up so that it will block someone’s IP when they have tried and failed to log in three times in a row. But unfortunately it bans their IP when they fail to log in once. Is there anything I can do to fix this, or something I might have missed?

I have a few websites that use AIOWPS, and I have recently stumbled upon a problem with the custom login page. It is still getting found even though I changed it. I have been doing research on how to fix this issue, but I can’t seem to find anything that works.
My firewall settings are “Use standard firewall settings” = on, “Block all access to the XML-RPC file” = on, “Pingback XML-RPC” = off, “Block access to debug.log file” = on.
Any fixes for this issue?

As a standard operating procedure we always use All in One WordPress Security to rename the /wp-admin URL to something else for every WordPress site we manage. Everyone should do similar as using /wp-admin is a security risk.
I have recently taken on a new site which also uses your plugin to style the login page however it does not work as soon as I change the login URL using AIOWPS even if I set it to the same URL in Theme My Login. I still see only the default login page at my address.
Example:
– WordPress admin URL changed to domain.com/customurl using AIOWPS Brute Force
– Theme My Login Login Slug set to domain.com/customurl
– A page created in the WordPress admin for customurl
– A custom WordPress template file page-customurl.php
Now this all works as expected for each plugin if I disable the other one. However as soon as I enable AIOWPS brute force to change the login URL properly then I see the default login page rather than the custom one even though the URL in the browser bar is domain.com/customurl which is the same as that in Theme My Login.
My issue is that I need to use AIOWPS for security because Theme My Login does not actually block access to /wp-admin rather it just redirects from domain.com/wp-admin to domain.com/customurl
Can you please tell me how I need to set up Theme My Login to work when the WordPress admin login URL is not /wp-admin?
Alternatively I’m happy to ditch AIOWPS for the login URL change if you can tell me how to actually change the login URL using Theme My Login so that domain.com/wp-admin does not redirect and instead returns an error or a 404.
I’m asking you here as the security requirement of changing the WordPress admin URL is more important functionally than theming the login page visually, so therefore it is your plugin which needs to work with AIOWPS rather than vice versa.
Thanks very much for your assistance,
Nicole

_aiowps_global_meta table on my DB is more than 500MB in size (551 exactly).
Just tried to repair/optimize the table and delete all entries in the “failed login” section, but the size is still big.
Is there a reason for this?

I have recently used it on another new site and haven’t experienced this problem.
I really like the plugin (although new to WP) and really want to be able to use it, but activating it causes issues on this new site.
Any help would be greatly appreciated!!!
Thank you.
Dawn

I repeated the process a short while later but this time the following happened:
1. I was locked out of the site but could access it for admin purposes via a customised login.
2. Users were able to view the site via login on the latest post and log in to comment.
I cleared the browser cache and history with no result.
I tried to follow the instructions via the All in One WordPress Security support pages. However, the instructions appeared to fall down when I get to the following: “Your .htaccess file was successfully backed up! Using an FTP program go to the “/wp-content/aiowps_backups” directory to save a copy of the file to your computer.” on my Mac using Yosemite 10.10.1.
I cannot find where it is backed up.
I right clicked to copy but what is the FTP program referred to please?
My only option would seem to be to uninstall the plug-in rather than just deactivate it. The plug-in, which has always worked well for me on this and another site. Just how do I do that, please? Will this still leave a problem?

I did some more investigation and found this thread, that explains how roles are stored in multisite. The first answer seems to cover it.
My guess is AIOWS doesn’t update the appropriate “wp_user_roles” record in each relevant wp_##_options table after the prefix is changed.
Can the authors look into this and add a fix to an upcoming release?
Thanks!
D.Lo
https://www.ads-software.com/plugins/all-in-one-wp-security-and-firewall/

I’ve discovered a conflict with the AIOWS plugin and the Login Security Solution plugin. I bring it up in this forum because I believe the issue is on the AIOWS side, and your description says that
Works with Most Popular WordPress Plugins
It should work smoothly with most popular WordPress plugins.
…so since LSS is the most popular password plugin (20k+ active installations) you might be inclined to investigate.
LSS is used to require users to use strong passwords. This is important to me because I have a large base of users, and many sadly insist on trying to get away with easily crackable passwords. If AIOWS offered such a security feature I would use that and have no need for LSS, but it does not. (I use many other AIOWS features and love them!)
Here is the problem. If a user requests a new password from the default WordPress login page, they are sent an email with a link that looks similar to
https://domain.com/wp-login/?action=rp&key=1Xx1qgFHyO1YLIJNwEyw&login=username
This link shows a password reset screen and there is a hint at the bottom that typically shows the WordPress requirements: “…password should be at least seven characters long…”
The exact output is: <p class="description indicator-hint">Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! " ? $ % ^ & ).</p>
LSS enables an admin to require stronger passwords. As such it changes the hint to reflect the new requirements, in the default case it says:
The password should either be: A) at least 10 characters long and contain upper and lower case letters (except languages that only have one case) plus numbers and punctuation, or B) at least 20 characters long. The password can not contain words related to you or this website.
Unfortunately, with AIOWS enabled, the text is reverted back to the default text. I’m not sure if it is a specific option in AIOWS, or just the activating of the plugin, but that’s definitely the conflict as I’ve experimented with deactivating the plugin.
It may seem like a minor thing, and I suspect really is a minor fix, but it is huge in terms of my having to support end users. They are told they can use 7 characters, but in fact they need 10. And that’s when the support calls come in.
Ideally I could use both plugins because of AIOWS’s outstanding security options, and LSS’s strong password requirements. But right now, forcing users to reset to stronger passwords is terribly confusing because the password hint is totally wrong.
If it helps, Daniel Convissor, the plugin author for LSS was instrumental in having the WordPress core updated in 4.1 to move the password hint text to a function: https://core.trac.www.ads-software.com/ticket/21243. Maybe this new function is something AIOWS can take advantage of?
I’d really love it if these two very popular plugins could work together. Can one of the AIOWS authors assess the scope of the fix?
Thank you!
D.Lo

I forgot my password (admin) and entered the wrong one 3 times and I am now locked out.
When I try forgot password or request unlock nothing gets e-mailed to me to get back into the site. It also does not recognize my admin e-mail address.
Any help would be much appreciated.
Thanks