Banaras Law Journal Call for Papers,Jiliplay login register.REGISTER NOW GET FREE 888 PESOS REWARDS!

Forum Replies Created

Viewing 15 replies - 31 through 45 (of 69 total)

← 1 2 3 4 5 →

Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Secret Url revealed after Max Login Attempts

Thread Starter livingflame
(@livingflame)

8 years, 1 month ago

@azunyann
@wpsolutions

RewriteRule ^your-custom-login-name$ https://your-domain.com/wp-login.php [NC,L,R]

Unfortunately, this rule is not useful.

If someone posts: /wp-login.php in the address bar,
the access window is automatically displayed.

The solution:

That you update the Plugin so that it does NOT show the custom url (brute force / rename login page), after failed login attempts.

Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] “Rename Login Page” does not redirect to https

livingflame
(@livingflame)

8 years, 1 month ago

@azunyann
@wpsolutions

RewriteRule ^your-custom-login-name$ https://your-domain.com/wp-login.php [NC,L,R]

Unfortunately, this rule is not useful.

If someone posts: /wp-login.php in the address bar,
the access window is automatically displayed.

The solution:

That you update the Plugin so that it does NOT show the custom url (brute force / rename login page), after failed login attempts.

Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Restrict user registration to emails on a single domain
Thread Starter livingflame
(@livingflame)

8 years, 1 month ago
Any solution?

I found this code ===> But, does not work. :-/
I dont know if is My Theme Registration Form or BuddyPress… The problem is, that you can Register with whatever Email, i.e. [email protected]

And, there is not a button of field to Resend the Email Confirmation, after you complete.

functions.php
```
// Restrict WordPress Registration to Email Whitelist
function is_valid_email_domain($login, $email, $errors ){
 $valid_email_domains = array("yahoo.com","hotmail.com","outlook.com","gmail.com","aol.com","mail.com");;// whitelist email domain lists
 $valid = false;
 foreach( $valid_email_domains as $d ){
 $d_length = strlen( $d );
 $current_email_domain = strtolower( substr( $email, -($d_length), $d_length));
 if( $current_email_domain == strtolower($d) ){
 $valid = true;
 break;
 }
 }
 // if invalid, return error message
 if( $valid === false ){
 $errors->add('domain_whitelist_error',__( '<strong>ERROR</strong>: you can only register using @gmail.com or @outlook.com emails' ));
 }
}
add_action('register_post', 'is_valid_email_domain',10,3 );
```
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Login Captcha does not work

livingflame
(@livingflame)

8 years, 1 month ago

@mbrsolution

Captchas do not work.

The Login Captcha affects the BuddyPress Login.

The Comment Captcha can be skipped (ie Not required).

I recommend adding Google reCaptcha as an alternative in Plugin Options.

Forum: Plugins
In reply to: [Widget Context] Not working on 4.5.2 with qTranslate-X. Update?

livingflame
(@livingflame)

8 years, 1 month ago

@kasparsd

9 Months Outdate! Please, Update this plugin :/

Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] “Rename Login Page” does not redirect to https
livingflame
(@livingflame)

8 years, 1 month ago
@azunyann

@wpsolutions

A Solution.

Well, I unchecked > Enable Rename Login Page Feature, in Brute Force options.

And, I used this code in .htaccess.

RewriteRule ^your-custom-login-name$ https://your-domain.com/wp-login.php [NC,L,R]

With this code, your custom login name is not revealed when your login attempts fails.

So, please, Update this Option.

Note: Change your-custom-login-name for whatever you want. and your-domain.com for your Url.
- This reply was modified 8 years, 1 month ago by livingflame.
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Secret Url revealed after Max Login Attempts

Thread Starter livingflame
(@livingflame)

8 years, 1 month ago

@wpsolutions

A Solution.

Well, I unchecked > Enable Rename Login Page Feature, in Brute Force options.

And, I used this code in .htaccess.

RewriteRule ^your-custom-login-name$ https://your-domain.com/wp-login.php [NC,L,R]

With this code, your custom login name is not revealed when your login attempts fails.

So, please, Update this Option.

Forum: Plugins
In reply to: [WPGlobus - Multilingual WordPress] Auto detect browser language

livingflame
(@livingflame)

8 years, 1 month ago

Hi there. The code of @lucafavorido works but, I need the option to change lang manually, if my browser is spanish okey, but if I want to see the content in english… You know! So please, put here the correct code. ??

Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] All In One Vulnerability: Full Path Disclosure

Thread Starter livingflame
(@livingflame)

8 years, 1 month ago

Hey! How are you?
Please, check this.
https://www.ads-software.com/plugins/wp-hide-security-enhancer/

(@chesio)

Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Restrict user registration to emails on a single domain

Thread Starter livingflame
(@livingflame)

8 years, 1 month ago

And @mbrsolution
The method of Brute force prevent by spacial Cookie does NOT work well.

I suggest you Two factor of authentication (but SEE! that this method does not affect BuddyPress login, try after update).

Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Restrict user registration to emails on a single domain

Thread Starter livingflame
(@livingflame)

8 years, 1 month ago

My friend. If you can add this too.
WordFence has this, but your plugin not.
So, you can add.

Force Strong Password on Your WordPress

@mbrsolution

Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Secret Url revealed after Max Login Attempts
Thread Starter livingflame
(@livingflame)

8 years, 1 month ago
My friend, when your max login attempts finish (f. ex. 5 attempts, etc.), you are redirect to: yoursite.com/yourcustomloginname

PLEASE, TRY or CHECK!
- This reply was modified 8 years, 1 month ago by livingflame.
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Secret Url revealed after Max Login Attempts

Thread Starter livingflame
(@livingflame)

8 years, 1 month ago

Other thing… /wp-admin needs Custom login too. If you can… add this option in the next update.

Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Secret Url revealed after Max Login Attempts

Thread Starter livingflame
(@livingflame)

8 years, 1 month ago

Hi!
My friend, you know, the plugin has the option to change: /wp-login for: /yourcustomlogin , but, when login attempts fails, after 10 attempts, or whatever, your custom login is revealed! Please, check that.

A solution: encrypting /yourcustomlogin for: /000889 for example. Or: a pseudo customlogin

The think is, that your custom login name need to be SECRET!

Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Secret Url revealed after Max Login Attempts

Thread Starter livingflame
(@livingflame)

8 years, 2 months ago

Hi, @mbrsolution
The big problem is revealing the secret or custom url.
Please, fix that!

Viewing 15 replies - 31 through 45 (of 69 total)

← 1 2 3 4 5 →