I have FluenthAuth 1.0.7.
Yesterday my server was under attack. There were 2949 blocked login attempts in about two hours.
Now here is the strange thing. They all reportedly came from the same ip.
I have a login try limit of 3 per ip activated with an unblock time of 30 minutes.
How is it possible that this still happens? There must be some ip-spoofing going on since the site is behind a reverse proxy with an ip allow list which was also fooled.
Here is a line from the log:
blocked696969!
web
windows / Chrome
18 hours ago
Description
Blocked by Fluent Auth
User Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
The attack was not successful, there was no good login. Any ideas welcome.
Would be nice if I could set the username blocklist that always blocks
]]>Hey there,
Just wanted to let you know that the latest update broke the login process. While trying to log in it just presents a blank white screen. The login is succesfull but there is no redirect etc happenin even if they are in use. Blank white screen occurs even when redirects are taken off. Console nor error log isn’t returning any errors on this subject.
Rolled the plugin back to the previous version and it works as normal.
]]>Hi
Is it possible to change the design/color of the form and specialy the button ?
Kind regards
]]>I have this issue frequently (but not always) when using the magic login on multiple sites I manage.
Nonce Verification failed. Please try again
I thought it was just me and the combination of browser and extensions I use. However, I was walking a new client through the process recently and it happened to them too.
Flushing the browser cache for the page resolves the issue, but it is frustrating when it happens.
Any way to solve this?
]]>I’ve had an issue over the last several weeks of Two-Factor Authentication via Email not sending an email. If I login with Two-Factor disabled I get a confirmation email successfully sent by Fluent Login & Security Plugin. This is across multiple sites and hosts that are properly set up with FluentSMTP as well.
Plugin Version: 1.0.6
WordPress Version: 6.3.5
Plugins: ACF, Breakdance, Classic Editor, File Renaming on upload, FluentAuth, FluentSMTP, LiteSpeed, Rank Math
Web Hosts: DreamHost, Hostinger
Hi,
The email subject contains the username as
“[Site Title] Login success for?{username}”
Is there a way to drop the username from the email subject?
Kind regards,
]]>Hi,
When the plugin sends a code for 2FA, I am seeing empty braces instead of Site Title inside of it. Like this
“[] Login success for?{username}”
For a while, the site did not have a title owing to an error in Meta Box Settings Page custom fields. But it has been fixed. However, the email subject continues empty like []
Any way to resolve this please?
Kind regards,
]]>Hi is there a way to keep the users on the same page or bring them back to it?
rather than having to setup individual redirects/forcing them to redirect?
thanks
]]>Hi,
I’m facing this error when trying to use the Login with Magic link:
fls_login.js:1 Uncaught TypeError: Cannot read properties of null (reading ‘value’) at HTMLButtonElement.<anonymous> (fls_login.js:1:6844)(anonymous)@fls_login.js:1
Could you look into this please?
Thanks,
]]>Hi,
When trying to Sign in with Google, I keep getting:
Your ID token could not be processed. Please contact your System Administrator.
/wp-login.php?login_errors=ID_TOKEN_ERROR
So, I disabled WPO365 Login plugin and it seems to work fine now.
So, if the clash could be fixed somehow please, that will be great. Maybe use a different permalink endpoint? or allow us to specify one?
Thank you,
]]>The Reset Password link that is set to the user goes back to the password reset form, with only the option to input the email to be sent the reset link again. When adding the custom redirect url in the shortcode, to attempt to go to the login page, it does not work either.
I should note my users are not given access to the WP Admin / backend, only front end account pages.
]]>Hi,
Is it possible to get first time users to register via the Magic login URL please?
Thank you
]]>Hi,
Any plans to add more IdPs than just Google and Github? Like:
Thank you,
]]>Hello
I want to redirect to a specific page after login where the user has a specific usercode. This simply does not work.
Also, I would like to be able to redirect to a specific page after login when TWO user codes are required. I note that it is possible to specify more than 1 user code but I am not sure if the codes are ‘AND’ed or ‘OR’d. Can you please help? The first problem is really annoying.
Thanks in advance.
]]>Hello,
I’ve installed fluent auth and loco translate, translated some of phrases but after that nothing changed.
Loco translate is synced and there is no any cache on website. Other translations work fine (for other plugins).
Can you help me or is it problem with code in Fluent Auth?
Regards!
]]>The WordPress plugins page says the plugin was last updated 7 months ago. Is this correct? Are you planning on updating the plugin in the future?
]]>Hi, I enabled Social Login with Google, and I have disabled the general WP Settings of “Anyone can register”. However I notice anyone can sign in with a Google account and auto-create WP user.
How can I prevent this please? I only want to enable login, not register. Thank you.
]]>I would like to give certain users access to the log page so they troubleshoot user login issues. I don’t want to give them access to anything other settings in the plugin.
Is there a way to do this?
Could this be added as a feature (or via a snippet)?
]]>The magic login does not work when adding the shortcode, get the error:
fls_login.js:1 Uncaught TypeError: Cannot read properties of null (reading ‘appendChild’)
at HTMLDocument. (fls_login.js:1:5459)
Hi,
I sometimes have my users blocking their accounts. And I want to unblock them without having to wait the predefined blocking time.
How can I do this?
]]>Hello, Your plugin is great and works very well. However, I cannot translate certain form fields with Loco translate. Additionally, I would like to know if it is possible to add fields to the contact form. Thank you in advance for your help !
]]>Hi. Is it possible to place the Magic Login Button on a WooCommerce Account page? Or is there a workaround known?
]]>I am not able to use the Two-Factor Authentication Code. It is not working. Nothing happens, no error message. It just does nothing.
]]>Hi, thank you for this great plugin.
I just implemented social login on my WooCommerce site.
The social login button only appears on wp-admin, it doesn’t appear on the WooCommerce login page.
Can you fix it?
TIA
Best Regards,
Akah
Hi!
On my website I cannot setup FluentAuth because on every page there is the following error: “Something is wrong”
In the browser console, these are the details:GET https://website.com/wp-json/fluent-auth/auth-logs?per_page=10&statuses%5B%5D=failed&statuses%5B%5D=blocked&page=1&query_timestamp=1684849619663 404
Note: I changed the URL from the real website.
Thanks in advance for any help.
Best,
Ingo
I’m trying to create a Client Portal page which displays the Fluent SMTP shortcodes.
I’ve tried shortcodes for both the login form and the magic login. Nothing happens when I click the button.
I see this in the browser console:
Uncaught TypeError: e is null
<anonymous> https://website.com/wp-content/plugins/fluent-security/dist/public/fls_login.js:1
I’m using Astra plus Astra Pro. Page Builder is Beaver Builder, but I’ve seen the same behaviour when editing in the Classic Editor with Beaver Builder disabled for the page.
]]>This isn’t a big issue, but if you set max login attempts to 3 – the plugin will allow 4 failed attempts before locking out the IP.
I have tested this on several websites and different values of max login attempts. The plugin always gives 1 extra attempt.
]]>Here is screenshot: https://snipboard.io/VG0LCZ.jpg
Error message:
Uncaught TypeError: Cannot read properties of null (reading ‘appendChild’)
at HTMLDocument. (fls_login.js:1:5459)
(anonymous) @ fls_login.js:1
I have identified 4 issues, but I would like to note that some or all of these issues may be related to it being network activated on a multisite network:
1. Magic Login does not always work. Especially on the main site of the network or on my subsite that has the BuddyBoss Platform plugin activated (I’m still trying to figure out what is causing this but it sometimes works on the other subsites). Once a user inputs their email to be sent, it displays an error saying “You are trying too much. Please try after 30 minutes.” It might be hard to test this but I have witnessed it happening despite it being the first time attempting to login or after waiting 30 minutes. This was tested with all network and site plugins deactivated and
2. When the magic login link does work, the login redirect that I set up does not work with it. It works fine when the email passcode is used, but the magic login link is mysite.com/wp-admin/. This results in an error presented to subscribers in particular saying:
“You attempted to access the [Site] dashboard, but you do not currently have privileges on this site. If you believe you should be able to access the [Site] dashboard, please contact your network administrator.”
3. On a multisite, it appears as though the two factor authentication does not trigger for users who are not registered to that subsite on the network but they are still able to login per normal multisite behavior. That bypasses the “Select roles that require two-factor authentication” setting, so they are able to log in without an email passcode or magic link. If they select Magic login link, they are sent a link to login but the first or second issues above occurs.
4. Also on a multisite, and again with users who are not technically registered to the subsite, but logged into the network, the “Disable admin bar and /wp-admin/ access for selected user roles” is not triggered at all for users that are not assigned a user role. I would much prefer negation setting, like “Disable admin bar and /wp-admin/ access for specific user roles (Leave blank to enable admin bar and /wp-admin/ access for all users).”
]]>