Users can't reset password after setting the 'rename login page feature'

Hi wiredpoet do you have any other security plugin installed? What are the features you have enabled in the Firewall section of the plugin?

Can you also carry out a test. Disable all plugins except this one and carry out a test with the user you mentioned above “testuser”.

Regards

Hiya,
I don’t have any other security plugins installed, and as my site was getting so hammered with attempts to login from non-existing accounts, i just had to turn this feature back on. I’ll just have users come to me for password resets (small building, so that’s not an issue). I do have a question about this though:
“Error inserting record into ct_aiowps_login_activity”
other than the blocked IP’s, there’s nothing but this message in my logs.
C

Hi C one of the plugin developers will investigate further your error message…..“Error inserting record into ct_aiowps_login_activity”

Hi there,
sorry to jump in on this but having the same problem and looks as if it was the recent update that caused the issues. When the user clicks on the reset link it defaults back to the lost password screen.

url contains following message https://websitename/renamedloginpage/?action=lostpassword&error=invalidkey

NB I have the rename login page feature enabled and the following issue in the logs
FAILURE : Error inserting record into wp_aiowps_login_activity

I have disabled the rename login feature and the password reset works so can only conclude that the problem is with the rename feature.

Hope you can get this fixed soon

Kind Regards

KatieKat

We’ve made mods to the plugin so that this scenario doesn’t occur.
The fix will be available in the next release.

This just happened to me too, and now I’m locked out. Please help!

@jealousgod if you are locked out follow the instruction in the following URL.

Thank you

I can confirm. I’m having the same issue as @wiredpoet and @katiekat. Any ETA on fix/update? My clients aren’t happy about this issue. Thanks in advance—great plugin!!!!

This has now been fixed in the latest released version.

Hello,
my users still can’t reset password, my config is WP 4.3.1 and AIOWPS 4.0.1. My users use their email adress to log in.
The reason I notice: the URL which is sent out in the email is url-encoded.
They receive wp-login.php?action=rp&key=***&login=mail_adress_prefix%40one_host.com%3E INSTEAD OF wp-login.php?action=rp&key=***&login=mail_adress_prefix@one_host.com
So their login is not recognize!

Thanks a lot for your reply.
Remi

Hi,
When this issue occurs, do you have the rename login feature enabled?

If you have the rename login active, you should not see “wp-login.php” in the reset password link. (I’m mentioning this because you appear to have the wp-login.php in the example you pasted)

I just performed some tests where the username is an email address and I cannot see any issues, ie, the reset password link in the email content is correctly decoded.
I recommend that you test this again to confirm the behaviour.

(In future, please raise your own separate thread because this one had already been set to “resolved”)

Hello,
The login can not be renamed in the website.
In fact, did you permform a test associated to a hotmail adress ?
Indeed, I think that some of webmail engine do not parse exactly as it should be. Here is an example of what people receive:
—
Quelqu’un a demandé le renouvèlement de son mot de passe pour le compte suivant :
https://ambassadeurs.arkopharma.fr/
Identifiant : [email protected]
S’il s’agit d’une erreur, ignorez ce message et la demande ne sera pas prise en compte.
Pour renouveler votre mot de passe, cliquez sur le lien suivant :
<https://ambassadeurs.arkopharma.fr/wp-login.php?action=rp&key=qzy8FNY7VTmINH7F2d6b&login=remi.mas%40wanadoo.fr&gt;
—

The login can not be renamed in the website.

If the rename login feature is not active, then I don’t think this plugin is causing the problem. You can verify this by momentarily deactivating the aiowps plugin and doing a password reset to see if you get the same result.

I have been experiencing this same issue with several sites that we run that have All In One WP Security installed. The issue is the same on every site.

What we have found is that if you are using the rename login page feature with the firewall feature, the password reset gets stuck in a continuous loop. Our links in the emails are sending to the correct pages but the reset link is always expired.

Disabling only the rename login feature allows the password reset to function properly while keeping the security of the firewall.

Also, disabling only the firewall functionality restores the password reset function while still using the rename login page feature.

Even on a fresh install we encounter the same issues with the same results.

For the time being we have disabled the rename login page feature on sites that have more than just admin users. This way customers and clients customers aren’t frustrated with the reset loop. We decided the firewall was more important than renaming the login page.

We love this plugin though and we will continue to use it on all our sites and new ones. Absolutely great work!

@ty_h11 can you start a new support thread since this one is already marked as resolved. This will help the developers investigate further your finding in regards to this issue.

Thank you