Attention – nasty trap

  • Marco Angermann

    (@marco-angermann)


    1 year ago

    In my search for a plugin for 2-factor authentication for our website, I gladly accepted Pixelite’s recommendation as a satisfied Events Manager user. However, after the installation initially went smoothly, it got extremely stuck in the implementation and even led to the point that I could no longer log in to my site as an admin – the error came up that my login data supposedly no longer worked correctly. Fortunately, I had tested it in parallel via incognito mode in another browser window and was thus able to avoid a lot of damage and trouble, as I was still logged in elsewhere and was able to deactivate the plugin or try out different settings…

    In the end, the solution was quite simple – I had to add the AJAX effects to the regular WP login forms, i.e. check the corresponding box in the settings. But I only came up with this by trial and error, as the documentation is completely inadequate.

    So be careful when installing and using the plugin – don’t let it become a nasty trap and exclude yourself from your site!

    And @pixelite – you should really think carefully about whether you publish such a plugin in this form and with this risk for the user. But I will keep the plugin and see if it does what it is supposed to do or if there are more problems with it…

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Marcus

    (@msykes)

    Hello, we take this stuff seriously and test thoroughly, I haven’t experienced this issue you’re reporting, not to say that maybe you’ve come accross a bug.

    I’m confused as to how you locked yourself out… was it due to a security setting, or something else? What error did you get? The only thing I can think of that’d lock you out is if you enable 2FA, but some setting prevents it from loading yet forces you to authenticate, for that though I’d need more info to investigate.

    FYI – If someone gets locked out and reads this, the quickest solution is to rename our plugin folder, e.g. wp-content/login-with-ajax to anything else, log in, rename the login-with-ajax plugin and review settings whilst logged in.

    jsafire

    (@jsafire)

    I’ve been using LWA since ~ver 2.1 on 4+ sites (currently on 11 sites) and have never run into any such issue. Since you appear to be ‘savvy, it would be helpful to include more information – at least confirm the version of LWA.

    Also, it seems unnecessary and irrelevant to mention who recommended this plugin to you; obviously, they have not run into the same issue you had. Did you search the Support threads or Active/Unresolved Topics before posting your issue? It sounds like you are jumping the gun with dire warnings before looking even an inch below the surface.

    Cheers, Jeff

    Plugin Author Marcus

    (@msykes)

    @jsafire we recommended via our other plugin ??

    glad to hear you’re not having issues though, moreover on so many sites! a 5* review would be appreciated if you haven’t already ??

    jsafire

    (@jsafire)

    Done. And btw, I am almost certain I “donated” to the plugin early on, probably like $20 or $25, which I often did for the free plugins I found useful. But, since I’ve been using it for so long on so many sites, I will be going “Pro” very soon. A few of my clients have been asking about more versatility than the current 2FA (Wordfence) they have enabled. And PassKeys would really be nice to have.

    Oops. I forgot Pixelite was you.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Attention – nasty trap’ is closed to new replies.