XMLRPC brute force attacks are increasing: https://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html
I can’t find any reference on its protection by this plugin. Would be great to have it too.
Notice: Undefined index: dashboard_plugins in C:\xampp\htdocs\mysite\wp-content\plugins\login-lock\plugin_tools.php on line 185
The Login Lock plugin has been removed by the WordPress authorities. If you are looking for a replacement, take a look at the Login Security Solution plugin. The feature set is very comprehensive and the code is well engineered.
I hope you will please pardon me for being so crass as to suggest my own plugin.
Protected my website from many automated attacks.
I tested Login Lock on a BuddyPress site. It didn’t work.
I also noticed the plugin adds two links to their site on the login page. They are fairly discreet (not big and red and flashing). I saw no way to turn these off in the settings. On the settings page I saw about 12 ways to support the plugin author, but no way to turn off his links on my front end page.
I am not really cool with this. Aside from the fact that it does not work with BuddyPress, I am less likely to use the plugin or even support the author (if I did use it) because of this practice.
I tried Login Lock with a BuddyPress site. I did not restrict the choice of passwords. I did no further testing. I did notify the plug-in author via their contact form.
Hello,
It seems that this plugin is not compatible with Cloudflare. It just shows the server’s ip address.
Regards,
Hi Guys,
I have received a hack attempt from a Russian IP and now wish to block it permanently. I can see a ‘Blocked ip addresses’ section at the bottom of the settings page but I’m unsure of how to insert an IP address there.
Your advice would be appreciated.
Greetings…
How would one go about limiting the lockout notices to a single admin? As it is, there are several admins and only one of us (me) is responsible for monitoring and addressing hack attempts. So other admins are complaining to turn off notifications – which I obviously do not want to do. Any tips for how to change this? Thanks in advance.
I have an installation with Duo Security, and when Login Lock was installed, it would redirect me to the Duo page, and after confirming with Duo, would redirect me to the original login page, and would never let me log in.
I’m extremely concerned about something that happened a few minutes ago. I went to log in to my site and got a message in Chrome that my site had continuous redirecting and I couldn’t figure out the problem. Deleted all my cookies, tried again in IE and Chrome, same issue. Was on hold with FatCow (my host) and decided to just go to my site https://www.nixonvs.com to see if it was down and ironically, there was a screen directing me to change my password. I did, then logged in and changed it again for good measure but then I checked your plugin because I use it and it shows your site’s certificate is revoked so I didn’t log in. I immediately deactivated your plugin.
What’s going on? I can’t visit your site to see what the issue might be, but is there a known issue with this plugin? Had anyone else gotten that page they would have been able to change the password without my knowledge. Has your site been hacked?
Firefox is reporting your site – https://wpsecurity.net/ – as a security risk due to an outdated certificate.
After installing the plugin I get this error on the site and I cannot access the administration panel:
Warning: Cannot modify header information – headers already sent by (output started at /home/haciendoweb/wp-config.php:92) in /home/haciendoweb/wp-includes/pluggable.php on line 866
I’ve deleted it manually but the error persists.
I went to log in to my admin account a couple of days after installing and it said “undefined”. I tried to reset my password and it said I could not use it. I had never used it before. I have checked several other accounts on this website and it was the same.
I went to WP Security Contact page and filled out the contact form. That was two days ago and I have not heard a thing so I just uninstalled it.
All of my accounts are still broken though. I have had to reset the passwords manually to get them to work.
In general, I like this plugin except that in my environment at least, if I activate the plugin, when users use the “forgot your password” tool–or when I use the emergency lockout feature to reset all users’ passwords–users are unable to enter a new password that will allow them to log in to WordPress again. No matter what password a user enters in the reset password screen, they get a login failed response. This is true even if I disable password policy features in the plugin. The only way to get password reset functioning again was to deactivate the plugin.
I’m using WordPress 3.3.1 and Login Lock 2.2.7, both of which are the latest versions as of this writing.
I submitted a request for assistance at wpsecurity.net, but have not received a response.
We initially liked this plugin; however, after detailed tests we located a number of issues:
1. As soon as the plugin was installed we noticed an immediate design issue/conflict which appeared in the Plugin page when you go to search for a plugin via Add New: the ratings column is pushed to the right and the ratings don’t fully show any longer.
2. The conditions do not appear to always work correctly.
3. The plugin is conflicting with other logging plugins on failed logins (e.g. Simple Login Log) and as there is no historical information it is necessary to install others.
Sadly due to these issues we uninstalled the plugin from live sites.
Hello,
I’m still seeing the same problem that existed in previous versions… If you enable a password policy and it expires you get a blank HTML login page and can’t reset your password or log in to WordPress.
The workaround is deleting the plugin with FTP or cPanel and then logging in again. The plugin works if you disable password policy settings (set to NO).
I’ve reported the bug to the developer but haven’t heard anything back…
Remember to report bugs here:
https://wpsecurity.net/contact-us/
Hey,
Login lock 2.2.7 seems to be having the same problem as previous releases of producing a blank page if you have password aging set. It is the same issue as this thread:
Started getting this error this morning: “This webpage has a redirect loop” when trying to log in to my site. I erased the login-lock folder in my plugins directory and that fixed the issue. Just curious to know if anyone has seen this issue before with this plugin. I really like this plugin and would love to continue to use it.
A little more background: I started getting the error randomly this morning. The plugin has worked fine up until this morning. It was the latest version of this plugin.
Cheers!
After updating WordPress to 3.3.1 I got errors and I closed all my plugins. When I activated Login Lock I got the message “traffic diversion so this websiteaddress cannot reached anymore”. The web address was in the browser beam, but every time I got this message. So I put the plugin in the trash and installed it again, the newest version, but the same warning and error. Now I don’t use it anymore.
I noticed today many login attempts from one IP. I thought it would be great to have a permanent block on that IP. In general the default settings for this plugin are good but having a ‘black list’ would be useful.
Also having a way to view all IP addresses that have been blocked and then unblocked via the timeout would be a good way to keep an eye on things. I see the blocked IP is listed during the blocking period but then it goes away and the only record is in the emails.
Thanks for a great plugin.
When I logged into wp the message was:
Fatal error: Call to undefined function is_rtl() in /home/mhd-01/www.xxxxxx.com/htdocs/wp-includes/general-template.php on line 2102
Hello,
I’m running WordPress 3.3.1 with Login Lock 2.2.3 and it has a pretty serious bug. I’ve got password aging on and when a password needs to be reset it presents a blank HTML page instead of an option to reset. Here is an example:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="https://www.w3.org/1999/xhtml" lang="en-US">
<head>
<title> › Reset Password</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel='stylesheet' href='https://www.domainex.com/wp-admin/login.css?version=3.3.1' type='text/css' />
I’ve had the same problem in other installs with 3.3. Anyone else seeing this?
TIA
When someone normally fails a login, WordPress will tell them whether the problem was that the username didn’t exist or if they just got the password wrong. That’s bad for security because it lets hackers know that they have a valid username.
Does your plugin mask that? I’d like to switch to this plugin, but would need it to have that feature.
Fatal error
is_rtl function fatal error with 3.3 and Login Lock. Disabling plugin averts error.
Numerous 404 errors are found for a file in the Login Lock 2.2.3 plugin:
plugins/login-lock/js/loginlock.js?ver=2.0
The /js/ directory does not contain this file.
File called in loginlock.php on line 1505 as follows:
wp_register_script( 'loginlock', WPSEC_LOGINLOCK_URL.'js/loginlock.js', 'jquery, common', WPSEC_LOGINLOCK_VERSION, false );
If it was, this would be brilliant!
When I edit a user (e.g. change the password), I get the following errors:
Warning: Missing argument 2 for LoginLock::ll_check_psw_strength_hook() in /home/—-/public_html/wp/wp-content/plugins/login-lock/loginlock.php on line 810
Warning: Missing argument 3 for LoginLock::ll_check_psw_strength_hook() in /home/—-/public_html/wp/wp-content/plugins/login-lock/loginlock.php on line 810
Fatal error: Call to undefined function ll_check_psw_strength() in /home/—-/public_html/wp/wp-content/plugins/login-lock/loginlock.php on line 818
Something seems to be wrong with passing the 2 password params into the hook function.