aporter
Forum Replies Created
-
Hi,
This is a top priority, a fix was made as soon as it was first reported.
I’ve provided a development copy to you so that you can resolve this issue on your site as soon as possible.We are still working through internal testing before making an official release.
Best Wishes,
AshleyHi,
This is a known bug in the last release.
This copy of the zip contains the fix and clears the previous logs.
https://gofile.io/d/GsplaK
This will be available in the next release which should be released soon.Best Wishes,
AshleyHi,
The contents of the “Audit log” tab comes directly from the database table {prefix}aiowps_audit_log.
If it only shows entries from the last 10 days thats because theres only 10 days of content in the database (as would be expected with the above define value).
Do you somehow have multiple aiowps_audit_log tables?
You can also easily clear the audit log table from the “Audit log” tab.
The table has a “bulk actions” dropdown, in there is a “Delete all” option.
Select that option and press apply, that will remove every entry from the table.
Best Wishes,
AshleyForum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Problem with my 2FAHi,
You can add the following define to your wp-config.php:
define(‘TWO_FACTOR_DISABLE’, true);
This will disable TFA, you can then login and add it back to your authenticator app.If you copy and past the code make sure the ‘ are correct when you paste them, sometimes they get changed when copy and pasting from here.
Best Wishes,
AshleyHi,
This has been fixed in our development version and will be in the next release.
A copy of that can be found here if you wanted to install it early:
https://gofile.io/d/Ah6Gss
Best Wishes,
AshleyHi,
Thank you for reporting that.
Working on a fix for it now.
Best Wishes,
AshleyHi,
Just as an update on this in case anyone stumbles upon this thread.
The latest verson of AIOS 5.1.9 released yesterday, contains the feature “Encrypt TFA secret keys that are stored in the database (extra protection in case of your database being hacked)”.
This resolves the security enhancement mentioned above.Best Wishes,
AshleyHi,
You can manually run the cron by installing a plugin like wp-crontrol.
Your PHP error logs you may need to check with your hosts or you could enable WP_DEBUG by adding the following to your wp-config.php:
define(‘WP_DEBUG’, true);
define(‘WP_DEBUG_LOG’, true);Then your log file should be found at:
wp-content/debug.logBest Wishes,
AshleyHi,
The cron that is supposed to clean them is:
aiowps_daily_cron_event
Try manually running that and see if it cleans them up, if it doesn’t can you check your PHP error logs for any errors.Yes it’s safe to remove them.
Best Wishes,
AshleyHi,
So these are created if you use the basic math captcha.
A pair will be created when someone attempts to login and currently they are removed on successful login.
These left overs are then cleaned on a daily cron (so you should also check that your cron is working and running)So it’s likely you are getting a lot of failed login attempts and they are being blocked by the captcha but it’s leaving a mess in the database.
You should check the audit log and see where the failed logins are coming from and how you can block them to prevent this.Best Wishes,
AshleyHi,
You can bulk delete rows via the UI currently but if theres lots of rows you will want to use the define AIOWPSEC_AUDIT_LOG_PER_PAGE to increase the page size.
e.g define(‘AIOWPSEC_AUDIT_LOG_PER_PAGE’, 100);
You can add that define to your wp-config.php careful if you copy and paste from here the format on the ‘ gets messed up and causes problems.
Right now the page size is 15 (next release increases this to 100 by default)The next release will also add a delete all option for easier clearing of that log.
The next release is currently going through testing and should be out soon.
Best Wishes,
AshleyHi,
This could be the same issue as this:
https://www.ads-software.com/support/topic/audit-log-breaks-database-exports/
The timeline matches up to when we added the audit log that contains serialized stack traces.
You could confirm by removing all the data in the audit log (if doing this via the database do not delete the table) and then trying to use the other plugin.
Best Wishes,
AshleyHi,
If your having a problem with the plugin please open a support request so we can help.
As for Cloudflare Turnstile all we do is include their javascript and tell it what form to run on. We have no control over how they decide if your a bot or not.
I’ve personally not experienced that and we have had no one else report it either.Getting locked out could be caused by any number of options being turned on and then triggering them rules, without any further information we can’t help.
Best Wishes,
AshleyHi Nick,
Sorry about the delay.
We don’t currently have all our hooks and constants documented but we are working on it.I’ve also added a ticket to our task tracker to discuss anonymizing the IPs in the audit log, I will update you on what we decide to do.
Best Wishes,
AshleyForum: Reviews
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Bad security WP-adminHi,
Please do open a support request in future if you need help, we are more than happy to provide support.
It sounds like another plugin is adding a review link to the page and exposing your login link.
If your able to provide more information we would be able to resolve this issue.
Best Wishes,
Ashley