Not safe

  • Resolved Vincent Verloop

    (@vverloop)


    6 years ago

    Your plugin in not working as it should. At the password recovery form of WordPress, script kiddies can bypass the security!

Viewing 8 replies - 1 through 8 (of 8 total)
  • Thread Starter Vincent Verloop

    (@vverloop)

    I have everything enabled: Login, Password Recovery, Comments, etc.

    For some reason it can be bypassed, maybe the WordPress API. I have to look further, but for now this plugin is the weakness.

    Thread Starter Vincent Verloop

    (@vverloop)

    I use Wordfence also and Wordfence does his job.

    Thread Starter Vincent Verloop

    (@vverloop)

    Is Recaptcha a bullshit product? Maybe…

    Thread Starter Vincent Verloop

    (@vverloop)

    This email was sent from your website “XXXXX.nl” by the Wordfence plugin at Monday 22nd of October 2018 at 10:06:30 PM
    The Wordfence administrative URL for this site is: https://www.XXXXX.nl/wp-admin/admin.php?page=Wordfence
    A user with IP addr 180.183.243.52 has been locked out from signing in or using the password recovery form for the following reason: Used an invalid username ‘XXXXX’ to try to sign in..
    The duration of the lockout is 1 hour.
    User IP: 180.183.243.52
    User hostname: mx-ll-180.183.243-52.dynamic.3bb.co.th
    User location: Ratchaburi, Thailand

    Thread Starter Vincent Verloop

    (@vverloop)

    Ok, i’m wrong maybe…it is going about the username. Wordfence blocks the “Wrong Username” directly when it is a not existing username.

    The Submit button is disabled, before the Recaptha code is filled in…so what i’m missing…

    Thread Starter Vincent Verloop

    (@vverloop)

    W3 Total Cache: Minify enabled…do not show the Recaptcha.
    Disable it or fine tune it, is a solution.

    But for now that is not the solution. The Recaptcha is working and Minify disabled in W3 Total Cache.
    At the website the problem occurs, the problem still exist.
    Minify was already disabled.

    Thread Starter Vincent Verloop

    (@vverloop)

    It’s a human action i believe…fuckers

    Multiple IP’s, multiple countries.

    Changing source IP’s with Tor is simple.

    Thread Starter Vincent Verloop

    (@vverloop)

    If you are from my country and you are my customer, why you should enter my websites via Tor, and you have nothing to hide. Only local business at this moment and trusted people.
    Fuck Tor and anonymous proxies at this moment, block that shit.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Not safe’ is closed to new replies.