can't log in

Download a fresh copy of WordPress from www.ads-software.com and overwrite all your existing files. If this just happened, its probably be because WordPress auto updated to latest security release and you are trying to upload the wp-login.php of the older release.

I really wouldn’t recommend you removing your wp-login.php file constantly. It’s not really going to help make you site any more secure and is a huge amount of pointless extra work. If you are worried about bruteforce attacks, then consider installing a Brute Force protection plugin, configuring your server via htaccess to limit access to wp-admin by IP or using a two factor authentication. Or indeed all of the above, but not removing and adding files.

Thank you Tim. Is it also possible to FTP an older back-up and then update WordPress, instead of overwrite the latest update?

About security; I’ve installed a plugin and limit access to wp-admin by IP, and still got a lot of attacks.

Thanks, Alice

Hi Alice!

*Drinks less coffee, dials down the enthusiasm. Sorry about that. ?? *

Here’s the thing: a security plugin and limiting /wp-admin/ by IP address may not help for that scenario. Those plugins work off of the WordPress core and will/may protect you from some thing but each of those authors will tell you the same thing: stay up to date with all of your versions.

It’s really critical that you use 4.0.1 because now that that security patch is out the hacker’s will look for un-patched versions to exploit.

For safety reasons I removed wp-login.php and replace it by FTP each time I want to log in. Worked fine until now.

When you leave that in place does your installation work for you? I know that’s not what you want to read but I am asking that because I want to know if there’s something else going on with your installation.

If you have automatic updates enabled, you are already on version 4.0.1 it’s just your copy of wp-login.php that you manually upload that is not. So a quick position to get back into the right position is just upload a copy from www.ads-software.com and start from there.

With regard to security, every site get’s attacked if you are restricting access by IP and limiting logins etc then those attacks will be on the whole unsuccessful. Combined with a good strong password or even better passphrase and two factor authentication or similar extra security and you don’t need to worry.

Remember that someone attacking your site is not the same as someone actually getting in. For example as many attacks will be happening against your FTP credentials as will be against your WordPress site.

Looking for some help and obviously haven’t quite got used to how to use this support feature properly, but hopefully readers of this thread may be able to help me.

I created a wordpress blog well over a year ago and would like start using it again. Only problem is, I can’t remember my login password and the email address I used to register has now been disabled so I can’t reset it simply. Is there any way I can start using this blog again?

@josh030391 Could you please start your own topic?

https://www.ads-software.com/support/forum/how-to-and-troubleshooting#postform

That’s per the forum welcome. Your problem and this one are not the same and starting your own topic is the best way to get support.

Sorry Jan, if I’ve done it right I’ve posted the new topic here:

https://www.ads-software.com/support/topic/lost-login-details-registered-email-address-disabled?replies=1#post-6249266

Hi Tim,
Yes I had automatic update enabled.
Do I have to upload (by FTP) the whole copy from WP. I’m afraid I have to start building my website all over again. I’ve uploaded only wp-login.php, but that doesn’t work, helas.

Thanks for your explanation of the security item,

kind, Alice

When you leave that in place does your installation work for you? I know that’s not what you want to read but I am asking that because I want to know if there’s something else going on with your installation.

Thanks Jan, but what do you mean by this? My browser gives me a Javascript pop-up (or some thing like that) to ask my authorisation, and not the WordPress warning of not finding the page?

kind, Alice

I would upload a fresh new version, it shouldn’t overwrite your theme or plugins installed just the core WordPress files (though always back up first!)

Once you done that, everything should go back to working, if it doesn’t and you still see a password request box then it might be related to your attempts at locking your site down, perhaps running a plugin that generates a second password request, or edit in htaccess for a basic password.

For safety reasons I removed wp-login.php and replace it by FTP each time I want to log in. Worked fine until now.

You might as well just stop doing that. Doesn’t really improve security in any way.

If you want to be secure for logins, choose a strong password. Nothing more is really required.

Yes, I’ve learned my lesson. I’ll never do that again.
But I’m sorry to say, Tim, the solution by uploading doesn’t work.
kind, Alice

You uploaded a fresh copy of WordPress, and you still have a login prompt.

You checked that you hadn’t modified a htaccess file, or have a security plugin of some sort enabled creating the additional dialog box?

Hi Tim,
I didn’t change anything in the .htaccees file, but there is a htpasswd file thats new to me, I didn’t put it there, it has passwords that I would never use. And I didn’t upload recently a new security plugin.
Using the password of that file for the access does’t work, nor removing the file.

kind, Alice

For security reasons some hosts are requiring a authentication prompt which is controlled in .conf level. Are you sure you are not seeing this type of authentication?