Daniel Convissor

Mark resolved due to no user response.

Hi Mark:

I just released a new version. Can you try it, please?

Oh, and if you still can’t get in, you’ll have to manually remove the plugin:
https://www.ads-software.com/support/topic/plugin-login-security-solution-manual-uninstall

Hi Tdoherty:

Before you get into all that, do you have the Better WP Security plugin installed? If so, there are conflicts. Please read this package’s FAQ at https://www.ads-software.com/extend/plugins/login-security-solution/faq/

–Dan

Hi Anisjolly:

Check out the descriptions for both plugins. They do totally different things.

–Dan

Stayc215:

I’m looking at the Better WordPress Security plugin right now. It provides the ability to disable the features that Login Security Solution does better. In BWPS’ settings page, un-check the “Enable Login Limits”
and “Enable strong password enforcement” boxes. This should permit smooth operation of both plugins. I’ll add information about this to my readme / plugin pages.

Thanks so much for the feedback!

–Dan

Hi Stayc215:

Thanks for the kind words and making the right decision. ?? I’m curious, did you sort out why/how it was conflicting? I’ll have to check out that plugin again and see if there’s anything that can be done or if I need to announce that it’s incompatible.

Thanks,

–Dan

PS: cough (rate the plugin) cough (and vote for the combination “working”) cough :).

Clicklow:

1) You’re hijacking someone else’s support thread. In the future, please start a new thread.

2) You typed in the wrong name / password combination 6 times and then successfully logged in after that?

3) What do you mean the URL “no works”? It sure sounds like the URL works, since you’re getting to the screen that asks you to pick a new password.

4) “TgtdE4#&#$2dD” is a totally fine password, I just tested it and it passses using my plugin’s default settings. Have you changed the plugin’s Password Policy settings?

Here’s how it works for me using WordPress 3.4 and Login Security Solution version 0.10.0 (you are using the latest version, right?).

* Log out of WordPress via “Log out” option under my user in top right of the admin bar.
* Click the “Lost your password?” link.
* Put in my user name and hit enter.
* Get the link from the email and paste it into my browser’s location bar and hit enter (example:
https://foo/wp-login.php?action=rp&key=x1adj1j9D&login=somename).
* Type in my new password twice and hit enter.
* Get a message saying “Your password has been reset. Log in.”
* Click the “Log in” link.
* Type in my user name and new password and hit enter.
* Voila! I’m in.

Can you please follow those exact steps (beside the logout part, of course, since you can’t log in, right?) and tell me what happens with each one?

Hi Stayc215:

Sorry you had problems. I just installed the ozh-simpler-login-url plugin you mentioned and did some tests. It doesn’t cause problems for me.

When did my plugin boot you out? Was it upon submitting the “Change All Passwords” form? My “Change All Passwords” process is designed not to reset the password of the person who submits the form. BUT, the way it prevents the present user from being booted relies on the global $user_ID variable. It sounds like some other plugin is misbehaving by not passing the variable along. What other plugins do you have?

I guess I need to put in some validation to stop the process if it’s not set.

Thanks,

–Dan

Hi Mark:

Regarding the inability to log in, I did find that some behaviors had inadvertently changed, introducing a “Catch 22” situation. I just released version 0.9.0 to fix the problem. Now, when users choose an insecure password during the reset process, they can pick a better password right on the spot.

Please re-run the manual data removal queries I showed you, above. Of course, you must change the “wp_” table prefixes to match your table prefix. Please make notes of the results of the queries so we can keep track of their effectiveness. If you have further problems, I’ll want to see them.

Then upgrade the plugin and reactivate.

On the sending emails for 0 failed logins problem, that’s totally bizarre. If the problem persists, please send me those removal query results.

Please keep me posted.

Hi Son123:

I did find that some behaviors had inadvertently changed, introducing a “Catch 22” situation. I just released version 0.9.0 to fix the problem. Now, when users choose an insecure password during the reset process, they can pick a better password right on the spot.

Please upgrade and let me know if there are any more problems. Sorry for the inconvenience.

Mettam:

Thank you very much for the details!

I did find that some behaviors had inadvertently change, introducing a “Catch 22” situation. I just released version 0.9.0 to fix the problem. Now, when users choose an insecure password during the reset process, they can pick a better password right on the spot.

Sorry for the trouble.

Mettam:

Sorry you’re having problems.

Your description, while not as detailed as needed to fully sort out the problem you’re having, does provide a lead.

Once the plugin is activated, all you need to do to log in is use the “Lost your password?” / password reset process. (The plugin should have forwarded you to the page for doing so.)

Also, are you using multiple accounts to log in?

FYI: your attempt to manually rip out the plugin did not remove all of the settings in the database. The plugin’s settings page offers a way to completely remove the plugin’s database records upon deactivation.

Hi Marc:

I haven’t seen that issue in my extensive testing on several WP installs. I want to make sure all problems get resolved. Can you please try again?

If you see any error messages, please copy down all error messages you see.

* Get the files from https://downloads.www.ads-software.com/plugin/login-security-solution.0.8.0.zip
* Put that directory in your wp-content/plugins directory
* Activate the plugin.
* Go to the Settings page for the Login Security Solution.
* On the bottom, select the “Yes, delete the damn data” option and click “Save Changes.”
* Deactivate the plugin.
* That makes sure any settings from an old install are blown away.
* Activate the plugin.
* Log out.
* Edit your site’s main wp-config.php file and set WP_DEBUG to true.
* Oh, yeah adjust your php.ini settings so errors can be logged (log_errors = On and error_log = /path/to/php_errors.log) or seen (display_errors = On)

From this point forward, write down every step you take and what happens in response.

Now log in. Let me know what happens, please. Check the php_errors.log for any problems.

Thanks,

–Dan