mikele3

Hi.
today I updated to Version 4.2.4 and now I am getting this error:

Fatal error: Call to undefined method AIOWPSecurity_User_Login::insert_unlock_request_form() in ....

I was using it in my custom login page to output the “Unlock Request” button.

How can I do that now?

Thank you Chesio.

I’ll keep both for now; I’ll ask in the BBQpro support forum if that plugin works as expected with my configuration; if that is the case I am all set, if it doesn’t I’ll remove that and use AIOWPSF to help me insert the rules in the .htaccess file.

In case when WordPress is installed in a subdirectory, Jeff Starr, the author of 6G, recommends to only keep [QUERY STRINGS] section of 6G in WordPress directory (as the rules are designed to protect wp-admin area) and move everything else to root directory, so the other rules (like blocking of bad bots etc.) are applied to front-end requests as well.

I was going to ask this in a separate thread, but since you mention Jeff Starr (didn’t know about 6G being his work)…
I use BBQpro on my WP websites, in those I am also installing and configuring AIOWPSF.
Is that a good idea? does it gets redundant? known conflicts?
Are BBQpro and “Enable 6G Firewall Protection” in AIOWPSF the same thing?

Hello Chesio, thank you.

so, to make this work, I did change group ownership to www-data and permissions to 775 for the folder where WP is installed.
But I feel uneasy leaving it like that… what you think? isn’t it a security concern?

furthermore, I did try – Prevent Image Hotlinking – and I saw the rules added to .htaccess …
but since my wp-content folder has been moved outside the folder where WP is installed, I think that won’t work to prevent hotlinking… am I right?
I am thinking I should cut/paste the rules to the .htaccess I have in my website root…

if so, would that be the case for “Enable 6G Firewall Protection” and the other settings in the Firewall section?

you are right sorry; Block Fake Googlebots <- works

for those, I get the warning that .htaccess is not writable.
– Prevent Image Hotlinking
– Enable 6G Firewall Protection

I did change .htaccess in the website root (not the same folder where WP is installed) to 777, then tried to apply “Basic Firewall Protection” and again I get the warning that .htaccess is not writable.

oops.. sorry, I made a mistake:
– Block Fake Googlebots <- works

– Enable 6G Firewall Protection <- complains that .htaccess cannot be edited

thank you again ?eslav.

using your hints I succeeded having the “Request Unlock ” button in my custom login page.
also I have the whole unlock request process happening in : mydomain.com/unlock_request/

my website is multilingual, through the use of the WPML plugin.
with that said, the less elegant part of my implementation is having to work around some messages that are hard coded and not available for translation in the other-includes/wp-security-unlock-request.php file:

"You are here because you have been locked out due to too many incorrect login attempts.";
"Please enter your email address and you will receive an email with instructions on how to unlock yourself.";
"Send Unlock Request"
"An email has been sent to you with the unlock instructions."

not a big deal.

bigger problem for me (as it might/will break with updates) is with:

static function send_unlock_request_email($email, $unlock_link)

I had to comment that out and rewrite my version.

my issues are:

$subject = '['.get_option('siteurl').'] '. __('Unlock Request Notification','all-in-one-wp-security-and-firewall');

get_option(‘siteurl’) returns the url to the WP installation not the website’s base url
even then, I would have preferred the website name… I changed that to:

$subject = get_bloginfo( 'name' ) . '  ' . __('Unlock Request Notification','all-in-one-wp-security-and-firewall');

and I had to broke down into smaller parts $email_msg in order to be able to provide translations through WPML.
this:

$email_msg .= __('You have requested for the account with email address '.$email.' to be unlocked. Please click the link below to unlock your account:','all-in-one-wp-security-and-firewall')."\n";

would have been made available for translation as : “You have requested for the account with email address [email protected] to be unlocked. Please click the link below to unlock your account:”

so I did rewrite it as:

$email_msg .= __('You have requested for the account with email address ','all-in-one-wp-security-and-firewall');
$email_msg .= $email;
$email_msg .= __(' to be unlocked. Please click the link below to unlock your account:','all-in-one-wp-security-and-firewall')."\n";

I just thought I would mention it just in case….

?eslav, thank you so much!

Thanks to your input, I managed to quickly hack together a solution that gives me the Unlock request button on my custom login page.
The whole Unlocking process does work as well.

Now there are a few things I want to customize:
send_unlock_request_email .. both subject and body .. is there a way to do that without touching the plugin files?

I would like to have the “submit email for unlocking request” form on a page of my own (like mydomain.com/unlock_request/ , not the wp login url …
is there a function that outputs that form, similar to what AIOWPSecurity_User_Login::insert_unlock_request_form() does for the button?

I have tested it on another website where I use no custom login and I could see how it works.

I would really like to have it working on my other website, the one that uses Profile Builder Pro to manage login and profile forms.

I had a quick look to the files inside the all-in-one-wp-security-and-firewall plugin folder.
Any advice on where to start digging?
Is the DIV containing the Unlock Request button added to the login form through a WP hook or via Javascript?
May I ask which file has the code that generates the button and the two hidden input values?

I see, thank you for taking the time to explain in details.

I do not see all that.
Definitively either the plugin I use (Profile Builder Pro) or the themes does prevent it from happening… but it is the feature I was looking for; hopefully I’ll figure out a way to make it work.

Thank you again.

how is the “Allow Unlock Requests” feature supposed to work?

I enabled it, then opened a different browser and failed 3 times logging in from a dummy account I have made for testing purpose.

In the browser where I was logged in as admin I could see the IP address in the blocked list.
I also received the email notifying me that the IP was locked because of failed login attempt from my dummy account.
But I have not seen unlock request link, nor received it in the dummy account’s email.

If that counts, the login form is a custom implementation in the front end of the website.

absolutely, I have no more questions at this time; sorry I missed to see there was a “resolved” checkbox.

and, thank you! ??

good to know, I need to check permissions on that dir.

thank you for your patience answering all of it.

nice, thank you; I am Turning that on then.

Are the logs kept in the DB or will those be wrote to wp-content/debug.php?

thank you for your reply!

so, it is GENERAL SETTING tab, DEBUG SETTINGS … about wp-content/debug.php ?
or somethign specific to the plugin?

and I’ll definitively keep the plugin active for the other features.