First Login Attempt Always Fails

  • I waited for months to update to ITSec due to problems reported. Upgraded my first site today, and have found an issue.

    Using latest version of ITSec and WP 3.9.1.
    Using the Hide Backend feature.
    The first login attempt will always fail.
    Second login attempt, and those that follow, will be successful until my browser is shut down (which clears cache/cookies/etc).
    Then the first failed login will repeat.

    The failed login is NOT being logged, though I have logging enabled in ITSec.

    Has anyone else encountered this?

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter thefitrv

    (@thefitrv)

    Just realized my initial description may not have been entirely clear.

    When the first login fails, I am using a valid User ID and Password.
    Perhaps that is why it doesn’t show up in the logs.
    When I then try the same User ID and Password again, it works.
    And it will keep working until I shut down my browser, which clears the cache and cookies, etc.

    Also – if I try an INvalid User ID and Password on the initial attempt, it will fail. And that attempt will also be logged.
    But an attempt with a valid User ID and Password after that will succeed, and continue to succeed until shutting down the browser.

    It’s as though there is some login cookie that is not set until after the first attempt (good or bad).

    Thread Starter thefitrv

    (@thefitrv)

    OK. At the rate I’m going, I’ll have this figured out before anyone responds.

    The login issue seems to be related to the “wordpress_test_cookie”.

    If that cookie is not present, then the first login attempt will appear to fail. It will redirect back to the login page, but looking as though it has failed. It actually worked, however. From the failed looking login page, you can directly type /wp-admin in the address bar, and it will take you there logged in as the user you tried (assuming that User ID was valid).

    In either case, the “wordpress_test_cookie” is set. Once that is there, everything works normally from there out.

    FitRV;

    I’m impressed that you found that ‘loophole’ to get through this error, but is it any easier than re-entering your login info?

    I have had this problem for a long time as well, and it seems to have been unsuccessfully addressed in this forum many times. I think it’s about time the WP people find a cure for this annoyance.

    I don’t understand why WP needs to find a test cookie upon first arriving at the site, at any rate.

    Good luck & please follow up, although it seems to be a lonely pursuit.

    Thread Starter thefitrv

    (@thefitrv)

    I got a little further before I gave up…

    The problem seems to come when it sets the cookie, say at example.com, and then your login is redirected to https://www.example.com, which are different. The same thing could also happen between the https:// and https:// versions of your site.

    I don’t know if you are using the www, or https, or what, but try playing around with those and see if you get something working.

    strike3

    (@strike3)

    There is a fix that might help some of you. I had the same problem, and it ended up being a conflict with a caching plugin (W3 Total Cache). To fix it, go into W3TC’s Page Cache settings. In the Advanced section, go to the ‘Never cache the following pages’ option and type in something like this (where ‘myloginpage’ is the page you set in iThemes):

    /myloginpage

    This will keep W3TC from caching your login page. The login was probably failing because you hit a cached PHP page the first time you try to log in.

    HTH,
    Matt

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘First Login Attempt Always Fails’ is closed to new replies.