Hi
Firstly – I find your plug-in really superb and after years have now got an issue. The site is under construction and actually not accessed for the last few months.
There was ONE Admin account and few other accounts – after an auto update – I am unable to login as it seems the ADMIN user has been deleted – (or not seen)
At the WP login there is an alert saying –
<<
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the all-in-one-wp-security-and-firewall domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /usr/home/tilakconrad/public_html/{DELETED}/wp-includes/functions.php on line 6114
>>
Can you help with some advice on how I can get access please. I can access by FTP – but not sure what I should do after.
Thanks in advance
Tilak
Disregard, I figured this one out.
]]>You are encouraged to choose something which is hard to guess and only you will remember.
The above is mentioned in the plugin but what if I want to set up a community website where members need to have access to the login page. Then I will need to share the URL to the login page with members. Does changing the URL still make sense?
]]>I accidentally enabled HTTP authentication, which resulted in a prompt for user and password.
When I enter the user and password (I did not change the defaults) it asks for the same information over and over again.
Disabling the pluguin via FTP fixes the issue, but when I try to reenable the issue persists.
I’m not sure how to proceed in order to turn HTTP authentication off while still being able to use the plugin.
Thanks for your help!
Dear Support Team,
I am writing to report an issue with the All In One WP Security plugin, which we use across multiple sites. Following the update to WordPress version 6.7, all our websites utilizing this plugin are experiencing problems on the login page.
The issue appears to be related to the “Enable rename login page feature”. When this feature is activated, the WordPress logo on the login page displays incorrectly (as shown in the attached screenshot). However, disabling this feature resolves the issue.
This behavior is consistent across all our sites, suggesting a potential bug in the interaction between the plugin and the new WordPress version.
I have attached a screenshot to help illustrate the problem. We would greatly appreciate it if you could investigate this bug and consider a fix in a future update.
Please let me know if you require further details or additional information to assist with troubleshooting.
Thank you for your attention to this matter.
]]>I continue to receive an email notification stating that ” User login lockout events had occurred due to too many failed login attempts or invalid username: xxxxxxx”
It is the same username each time but from different IP addresses. The Locked IP addresses tab does show an entry for this user but, I do not have any other users set up for my site. I’m the only one who accesses the site. My hosting provider says that no one else is attempting to access the site. Any idea why I’m getting these emails?
]]>After installing and saving some changes, when I was editing the file permission changes, suddenly my entire site was locked and a login box was displayed that does not accept any of the defined WordPress users. It is really a disaster that by saving the settings of a security plugin, the whole WordPress is disrupted and unavailable!
By deactivating the plugin through cpanel, the problem is solved, but by activating it, the site is immediately locked and the login page is displayed. Could anyone tell me how to fix this or return the settings of this plugin to the default state without activating it?
https://i.postimg.cc/x8NHYTH0/Screenshot-2024-11-18-213330.png
]]>I am having an issue with AIOSecurity re brute force attacks on my site. They occur daily, which I’m told is not unusual, but I have the setting to lock out an IP address after 3 failed attempts within 5 minutes and this is not happening. The audit log shows the same IP address being used for roughly 50 login attempts, then another IP is used for another 50 or so attempts and these IP addresses are not being locked out. There’s nothing in my log about lockouts occurring. These attempts all have the same time stamp, meaning apparently 50 attempts is performed by a bot in one minute. I am blacklisting the IP addresses after the fact but I’m now unsure the plugin is working at all. I also have the setting turned on to instantly lockout use of specific usernames (admin for instance) yet this policy isn’t working either. My log shows 50 attempts from the same IP (not mine which is whitelisted) with the user name admin.
How can I troubleshoot this issue? I don’t use any other security plugins. I’m on a Litespeed sever and use that plugin, and i use AIOSEO plugin, those are the ones i assume might be conflicting. My site is a multisite. The site in question is my main site.
I’m also annoyed that the speedometer graphic shows my site is green but if it’s just measuring plugin settings that are turned on versus functioning as intended then it’s a misleading indicator.
]]>Hi, as always, thank you so much for the plugin, it is invaluable. After the latest WP update, similar messages started appearing because some plugins were affected, including yours. Do you plan to fix this? Thank you
The _load_textdomain_just_in_time function was called incorrectly. The translation upload for the all-in-one-wp-security-and-firewall domain was started too early. This is usually an indicator that some code in the plugin or theme is running too early. Translations must be loaded when the init action is executed or later. (This message was added in version 6.7.0.) _load_textdomain_just_in_time() Plugin: all-in-one-wp-security-and-firewallhttps://mega.nz/file/5ecWnJyZ#CVWp9Ik6CaetWfzIbN9-_iLKK9X3fDvHfSZS2VoGd1U
]]>Problem: all users (anonymous and auth) will randomly get redirected from the homepage to 127.0.0.1 for a period of time, then be able to access the site without any user intervention.
While the home page is inaccessible, all other pages ARE accessible.
Detail:
? We have an external monitor that loads the home page and scans for a block of text. If the text can not be loaded it will email an alert
? We will then have humans check the home page from different locations and IP addresses. All users will confirm that the home page is redirecting to 127.0.0.1.
? This problem persists between 10 minutes and an hour, then goes away on its own
The site gets enough traffic to need caching and this is acting like a situation where one bad actor triggers the 127 redirect, and it then gets cached and served to the public until the cache naturally clears.
The login page has been moved from the default location
What doesn’t make sense:
? Cookie-based brute force protection is NOT enabled
? All of the reports in this forum state that this 127′ redirect only happens on the LOGIN page, not the website home page (which does not have a login form or link)
There are no other security plugins installed and active.
Thanks and let us know.
]]>I got this error: after update the plugin
[STDERR] WordPress database error BLOB, TEXT, GEOMETRY or JSON column 'message_value' can't have a default value for query ALTER TABLE wp_aiowps_message_store ALTER COLUMN message_value SET DEFAULT '' made by require_once('wp-admin/admin.php'), require_once('wp-load.php'), require_once('/var/www/mysite/wp-config.php'), require_once('wp-settings.php'), do_action('plugins_loaded'), WP_Hook->do_action, WP_Hook->apply_filters, AIO_WP_Security->plugins_loaded_handler, AIO_WP_Security->db_upgrade_handler, AIOWPSecurity_Installer::run_installer, AIOWPSecurity_Installer::create_db_tables, dbDelta
Please take a look.
]]>After I have enabeled the “rename login page” function, to prevent brute force attacks, I have a problem with my custom Login-Logo and URL:
Without enabeled function it looks like this:
The Logo was changed with the Plugin White Label CMS from https://www.videousermanuals.com
]]>Hi, there,
When I access the ./wp-admin page or “Dashboard” page, it always jumps to the frontpage, eventhough I have logged in wordpress. (logged in wp through clicking ./wp-admin on cPanel)
However, if I disabled “all-in-one-wp-security-and-firewall” plugin, then it works well.
Can anyone tell me how to fix it?
I have tried: “remove the plugin” > “reset all settings” >then “re-install the plugin” (prompt error message after installation..)
the error message starts with “Dependencies check failed:…………..”.
Any solutions?
]]>Hi there,
I am having an issue with users being logged out of the website every 5min or so. The ‘Force Logout’ setting is disabled, so is there any other setting that could be causing this behaviour?
Cheers,
Cy
]]>Hej!
I use the custom login to prevent brute force attacs. Also I created a custom 404 Page, that looks fine and works perfectly, when you type a wrong url. But NOT when you type /wp-login.php instead of my custom login. If you try this, you see the default 404 page and a lot of short-codes from Divi.
How can I redirect the default login to my nice 404 page?
Thank you in advance!
]]>WP Toolkit has options to disallow execution of PHP scripts in the wp-includes and wp-content/uploads folders. I can’t find such a setting in All In One Security or is it missing?
]]>Hi!
After update WP to 6.7 on renamed URL page WordPress logo is not visible. Why not? Thanks.
Best regards,
R.
]]>Versions: WP 6.7, AIOS 5.3.4
when “Enable rename login page ” is activated the message
Please enter your username or email address. You will receive an email message with instructions on how to reset your password.
is not translated to german
]]>Hey there…
Standard idiot post lol…
First time i’ve used AIOS… but i have locked out Admin unless I use the IP address shown in the whitelisted IP settings under User Security.
The slider option is disabled for
Enable login lockout IP whitelist:
Is there another setting i have missed that only allows the IP addresses entered to gain access?
Thanks
]]>Hi, I cannot access my WordPress admin page because I do not receive in the email associated with my account the AIOS 2FA verification code that is needed to log in.
I have checked that the email with the 2FA verification code is not in the spam folder. I have also tried some of the suggestions/solving methods that I have found in the Internet regarding how to deactivate the AIOS plugin but I have not been able to do it.
I am not an IT guy or a WordPress expert, just a WordPress website DIY user from Spain that tries to do the managing of his business website on his own.
Please I need help with this as I am desperate.
Thank you very much in advance,
Borja
]]>Hi,
i try to set up a cache with jetpack but it tells me that a plugins IS already activate one .
I have no plugin cache install but when i look in HTAccess it IS written that :
AIOS create cache with wp Rocket .
How IS it possible ?
Can i deactivate all cache from AIOS ?
]]>Hello there!
I have tons of fake WooCommerce registrations and I’d like to block them using an IP blacklist.
Is it possible to do it with AIOS? And is IP blacklist available with the free version?
Regards
]]>Greetings, sincerely grateful for your wonderful product (plugin), that’s the theme: because the function is enabled “
This function allows you to prohibit external users/bots can get user information using URLs such as”/? author=1″,” /wp-json/wp/v2/users”, and the oEmbed request.
When enabled, the error “access denied” will be displayed instead of user information.”
But I see 500 errors in the Nginx log, and this has always been the case for as long as I remember, I didn’t have to write everything, so is it possible to change the plugin code so that it doesn’t give 500 errors, but for example 404, or 302, etc? Thanks
87.247.158.120 - - [09/Nov/2024:00:55:29 +0000] "GET /wp-json/?rest_route=/wp/v2/USERS HTTP/1.1" 500 243 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
87.247.158.120 - - [09/Nov/2024:00:55:29 +0000] "GET /wp-json/?rest_route=/wp/v2/USERS HTTP/1.1" 500 243 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
87.247.158.120 - - [09/Nov/2024:00:55:29 +0000] "GET /wp-json/?rest_route=/wp/v2/USERS HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
87.247.158.120 - - [09/Nov/2024:00:55:29 +0000] "GET /wp-json/?rest_route=/wp/v2/USERS HTTP/1.1" 500 243 "https://opensource.angellive.ru/wp-json/?rest_route=/wp/v2/USERS" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
87.247.158.120 - - [09/Nov/2024:00:55:29 +0000] "GET /wp-json/?rest_route=/wp/v2/USERS HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
87.247.158.120 - - [09/Nov/2024:00:55:29 +0000] "GET /wp-json/?rest_route=/wp/v2/USERS HTTP/1.1" 500 243 "https://opensource.angellive.ru/wp-json/?rest_route=/wp/v2/USERS" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"I recently had All In One WP Security installed, and have now started getting weekly emails “Turning off File Change Detected”, which list a huge number of files.
I don’t want to recieve those emails as there’s just so much information in them.
How do I turn off those email notifications?
]]>I just created a new WordPress site and then I went ahead and installed AIOS Plugin.
As I already use it in other websites so I imported the settings from one of them and then I’ve been locked out of the admin panel. The following message appears when I try to log back in:
“ACCOUNT PENDING: Your account is currently not active. An administrator needs to activate your account before you can login.”
Then I remember I had New User Approval enabled on the website I got the settings export from. Then I disabled it on the other website and exported again.
Then I disabled and unistalled the AIOS plugin Via Softaculous in cPanel and logged into the admin panel. But the problem is: the moment I install and enable AIOS again I get instantly locked out again, without even importing any settings again.
What could I do to be able to login again with the plugin enabled and be able to import the new settings file?
I already tried:
- Flushing LSCache on server’s side;
- Adding define( ‘AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION’, true ); in wpconfig.php
- Deleting Browser Cookies
Nothing worked.
]]>We use AIOS on a number of sites and have found that, despite the renaming of the login page, it is protected unless /wp-login is used.
This automatically redirects us to the login page.
Hi,
When I used the option to change table prefix, the home page had
a drop-down to pick language for a fresh wordpress install.
It changed the prefix in wp-config but it didn’t change any of the tables in the database,
Also said it changed the records in usermeta, but I looked in phpmyadmin, no tables changed.
I just see this message for every table: table name update failed
So I switched the table prefix back to wp_ in wp_config to fix the site.
Any tips appreciated.
Thanks
]]>Testing the plugin activate the option
“http desktop id” and now it asks me for a password. I noticed that it has one by default but I don’t take it into account, how do I log in? What are the default credentials?
I found myself unable to connect to the site with Authenticator.
I had to reinstall a backup, and it took hours of work before I was finally able to reconnect.
But just find that the problem is not only from your plugin.
]]>Hello,
I think there is a serious problem with the current version of the plugins. In the custom settings for .htaccess rules, ” is replaced by "e; causing a server error on the website. Without FTP access the problem cannot be solved. This never happened to me in older versions!
Regards
Wolfram