Recent update broke our site – Math Security

  • Resolved jord8on

    (@jord8on)


    2 years, 5 months ago

    I submitted this ticket originally to my host provider:

    For some reason, our users are not able to login to WooCommerce.

    Here’s a screenshot of the errors: https://app.box.com/s/z3pe6zw7d4nkt2ay2lgmvdznoj5jpejw

    FYI, we have never enabled a feature that requires users to enter a math problem in order to login.

    These users who are trying to login have created an account previously and they are simply trying to log back into that account so they can make another purchase under the same account.

    Our host dug into our site and shared the following back with us:

    Upon checking further regarding this issue, I could see that the issue is with the plugin “hide-my-wp”. The reason for getting an error with the status “math-solving issue” initially is due to the Captcha setting which is not configured properly. And also the number of login attempts the plugin will block the IP and will show the error status with “Your IP has been flagged for potential security violations. Please try again in a little while…”

    I have now assisted to disable the plugin “hide-my-wp” from my end now and have tested it by creating a new user named “ssonu”, kindly note that I was able to log in to the account without any issues. Attached is the screenshot for your reference.

    In order to fix this issue, I recommend you to contact a web developer and check the settings of the plugin mainly with the captcha under the login page of the website and ensure everything is configured properly.

    I want to clarify that up until your last release, our users have had no problem logging in. Your release notes indicate: “* Fixed – Brute force math security when the math field is deleted” but it seems like somewhere in there you made a chance that affected us adversely and started automatically requiring that math problem (which is hidden by our site theme) so users are just told that they incorrectly answeed the problem ??

    I also wanted to clarify that I reactivated your plugin and our users were no longer able to login, again! Then I went to the Settings for your plugin and turned off the Brute-force attack toggle, and everything is working again… and our users can now login, like before.

    Hopefully these details will help you refine this feature “update” and we can turn back on our brute force protection again, when this feature does not require a math problem and auto lockout all our users.

Viewing 1 replies (of 1 total)
  • Plugin Author John Darrel

    (@johndarrel)

    Hi @jord8on,

    Thank you for the details.

    I checked your website and the theme you’re using doesn’t add the WooCommerce login identifier and HMWP considers it as a normal login process.

    We added an update with the fix and you can download version 5.0.15.

    We will see what we can do to identify better the custom WooCommerce logins when math Brute Force is activated.

    Please upgrade the plugin and let me know if the WooCommerce login works well.

    Best, John

Viewing 1 replies (of 1 total)
  • The topic ‘Recent update broke our site – Math Security’ is closed to new replies.