I was locked out by “Rename Login”

  • Resolved davidovic123

    (@davidovic123)


    1 year, 5 months ago

    Hi AIO Security support team,

    I’m currently locked out of my website!

    I was doing my settings and wanted to use “Rename Login Page”. I entered my “Custom Secure Login” and didn’t check “Enable Rename Login Page”, because I don’t want to rename the wp-login file.
    Screenshot: https://www.screencast.com/t/6x6w9p4f

    But it didn’t work. The plugin refused me access. And now I’m out of my site.

    I must say that I was already using the “WPS Hide Login” plugin for this, and it worked very well. There was never any lockout. When a login is entered incorrectly, it sends you to a 404 error page.

    But since you offer the same thing, I chose to use your feature. It’s included in your offer and will enable me to reduce the number of plugins installed. So I deactivated and removed “WPS Hide Login”.
    When I use your feature, it doesn’t work. Users are blocked. And it’s a source of stress and wasted time for days trying to solve the problem.

    There’s no sense in putting a WARNING on the page that there’s a risk of being locked out. Because no matter what we do, we’ll be blocked anyway!

    Other plugin developers manage to offer this functionality without the user being blocked.

    Why can’t you do the same for Custom Login? Because you can.

    I can do it myself by renaming the wp-login file and changing the wp-admin login. But I don’t want to rename the file.

    As long as it doesn’t work on your side, I’d advise you to simply remove this feature from your settings and functionalities. Because it simply doesn’t work. And it will save users a lot of trouble and stress. And for you, to avoid complaints.

    I deactivated your plugin from my cPanel, I deleted your settings in .htaccess and I tried to inspect the “wp-login” file, nothing allowed me to solve the problem!

    Now I can’t access my website. So please help me regain access.

    Thank you very much,

    • This topic was modified 1 year, 5 months ago by davidovic123.
Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @davidovic123

    Sorry for inconvenience.

    If you do not checked the checkbox it should not enable the rename login page. and if you enable rename login page you should remember that slug.

    This feature is used by many users and stops invalid login attempts. Yes we should have easy solution if renamed login page forgot it can be easily disabled. I will create internal ticket for this.

    You may follow below instructions it will remove the plugin completely and you may try install again.

    In extra of remove the plugins files /wp-content/plugins/all-in-one-wp-security-and-firewall,
    tables start with {tableprefix}_aiowps needs to removed also remove from wp_options having “aio”

    SELECT * FROM wp_options WHERE option_name LIKE '%aio%'

    https://snipboard.io/AVyaWZ.jpg

    Please also remove from .htaccess all code between,

    “BEGIN All In One WP Security”
    “END All In One WP Security”

    Also make sure that wp-config.php. , htaccess, .user.ini file in root of the wordpress installed directory do not include the aios-bootstrap.php
    and remove aios-bootstrap.php from the same folder you have wp-config.php

    Also remove the wp-content\uploads\aios\firewall-rules\settings.php

    Thread Starter davidovic123

    (@davidovic123)

    Hi @hjogiupdraftplus,

    I followed your steps:

    1/ removed the plugins files /wp-content/plugins/all-in-one-wp-security-and-firewall
    2/ removed {tableprefix}_aiowps
    3/ remove from wp_options having “aio” (checked but no exits)
    4/ removed from .htaccess all code between:
    “BEGIN All In One WP Security”
    “END All In One WP Security”
    5/ wp-config.php. , htaccess, .user.ini dont’t contain aios
    6/ removed aios-bootstrap.php from the root
    7/ removed the wp-content\uploads\aios\firewall-rules\settings.php (I removed all aios folder)

    But I can’t regain access!

    The urls website.com/wp-admin or website.com/wp-login don’t work anymore. The screen displayed is blank!

    How to regain access?

    Thread Starter davidovic123

    (@davidovic123)

    I’d just like to add that I didn’t quite understand your screenshot, the elements displayed there were not found in the wp_options table.
    I did an aio search, but nothing was found.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @davidovic123

    If there is not such records in wp_options then it will be it was removed before.

    Generally If followed the steps mentioned it should remove everything regarding AIOS.

    Do you have multi site installation?

    Do there is any cache plugin there ? If yes please remove its cache once.

    If screen displayed blank is it 500 error ? then should cross check error_log

    If it is 403 forbidden error cross check .htaccess and if possible contact server provider.

    Regards

    Thread Starter davidovic123

    (@davidovic123)

    Hi @hjogiupdraftplus,

    It’s ok. I solved the problem with my host. But the “Rename login” feature is risky and doesn’t work properly. That I won’t use again, unfortunately.

    I used to use WPS Hide Login and it works. It doesn’t rename the “wp-login” file because it may be used by another service, in which case it won’t find it if it’s renamed. And access to the site is never blocked.
    By the way, that’s what I understood from your settings, because you leave the option to check it or not. If your plugin requires it to be checked, it should not validate, but display a warning message.

    It would be nice to give the user the option of renaming the wp-login file or not. And also display the 404 error page when a wrong login name is entered.

    I’ll use the plugin, but not the “Rename login” feature. Looking forward to your updates.

    Thank you,

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @davidovic123

    Ok, Here for AIOS renamed login page and 404 login lockout enabled

    You have that many attempt for wp-login page which raise 404 errors that it might blocked your IP address that might be the issue.

    We will cross check in more detail to improve Rename login page features if possible.

    If the site login page can be accessible using wp-login ( instead wp-login.php). It is still exposing the login page.

    Regards

    HEADS UP!

    I whitelisted someone today and got this on the renamed login page:

    “Access to?apextendedcare.com?was denied”

    I’ve used this plugin on multiple sites for years. the combo of whitelist/lockout kills the admin login.

    Same issue! This is an issue that hasn’t been resolved.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @ceef454,

    Can you please try add below constant in wp-config.php?

    Note : It will disable login white list ip for all.

    define(‘AIOS_DISABLE_LOGIN_WHITELIST’, true);

    If it solves the issue it migh be the IP is not static and it has been changed.

    Regards

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘I was locked out by “Rename Login”’ is closed to new replies.