Login fails, but fine on normal login

  • Resolved daveporter

    (@daveporter)


    3 years, 11 months ago

    Hi there,

    I have a site that I recently updated following no updates for 3 or 4 years.

    The site used the clean login, and it was working fine until a few days ago (perhaps following the update 5 days ago?
    But now I am finding that I can login ok using /wp-admin
    But the Clean Login work fails when I type in exactly the same details.
    Any thoughts ?

    Regards, Dave

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Javier Carazo

    (@carazo)

    I have just tested in some sites and all works.

    It is working in the latest updates.

    Please check your site or try in a different site.

    Thread Starter daveporter

    (@daveporter)

    Hi Javier,
    Following having this issue, I updated the site to WP 5.6 and all seems to be working fine now.

    Best regards, Dave

    Plugin Author Javier Carazo

    (@carazo)

    Great.

    I also am experiencing this exact issue just recently. It seemed to appear randomly as I had not yet updated the plugin for several months nor WordPress. In an attempt to fix it i updated everything, but I’m still unable login using my admin account via the clean login form. This worked fine before.

    Plugin Author Javier Carazo

    (@carazo)

    We have not changed anything about it, so it seems to be some bad interaction with WP login. This is really strange.

    @daveporter solved this issue updating to WordPress 5.6. Which version are you using?

    I’m on 5.6 now – I updated after reading this thread hoping it would fix it for me as well. I’ve tried creating new user accounts to test, tried logging in with both email and username, and several other things today. Not sure why it’s not working anymore..

    Just an update – I went tinkering with the code and confirmed it had to do with the nonce not verifying, so then I checked the login page and realized the nonce was not updating.. the page was being cached!

    Any reason why you chose to use nonce verification? The wordpress login page does not use it, and urls without query strings (to indicate they are dynamic) are often cached by plugins, nginx, cloudflare, etc.

    • This reply was modified 3 years, 11 months ago by MrBrian.
    Plugin Author Javier Carazo

    (@carazo)

    We included a nonce because this is not a standard login form an bot could attack it.

    Surely the best way to prevent is making some kind of GET parameter in this page so we prevent this url to prevent caching (like WooCommerce do when you need to get gelolacted compatible with page caching).

    I am going to do it and tell you to test when done.

    Plugin Author Javier Carazo

    (@carazo)

    I have just done it.

    Try it and tell me if it works.

    Plugin Author Javier Carazo

    (@carazo)

    You have to enable it in settings page.

    The settings name is “Enable timestamp GET parameter in login page to avoid problems with page cache”.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Login fails, but fine on normal login’ is closed to new replies.