Login Math question is not working

  • Resolved eddiemcham

    (@eddiemcham)


    7 years, 10 months ago

    Hi,

    We’re running WP 4.7.5 multi-site. Two of our site admins have recently informed me they were able to log into their respective wp-admin areas without answering the math question. I don’t recall if they were working in the same site or different sites, but either way, I would’ve expected them to be denied access if they skipped the math verification.

    Can someone please advise?

    ~ thx, Eddie

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Jeremy Herve

    (@jeherve)

    Jetpack Mechanic ??

    Thanks for the report! Could you walk me through the steps your site admins follow to skip the math verification, so I can try to reproduce?

    Could you also post your site URL here, so I can take a closer look at your Protect settings? If you want it to remain private, you can also contact us via this contact form:
    https://jetpack.com/contact-support/

    Thanks!

    Thread Starter eddiemcham

    (@eddiemcham)

    I can’t give you the wp-admin URL, but I can give you the steps taken:

    1. Log in the first time OK; no math question given.
    2. Log out from wp-admin OK.
    3. Log in again shortly afterward; math question asked.
    4. Supply login name & password but skip math question.
    5. Press ENTER or click SUBMIT; she gets into wp-admin area OK.

    One admin is having this issue; the other answered the math question and got in fine, which is expected. It doesn’t appear to be specific to any one site within the multisite network, nor is it limited any one browser. We tested in FF & Chrome.

    I looked at the Jetpack Protect settings. “Block suspicious-looking sign in activity” is turned on, both at network level and site level. We have no IP addresses in our whitelist. In other words, we’re using the default settings.

    I hope that gives you enough to go on. I’m about to head to a conference, so won’t be back until Monday.

    Thanks again!
    Eddie

    Plugin Author Jeremy Herve

    (@jeherve)

    Jetpack Mechanic ??

    Thanks for the extra details!

    Log in again shortly afterward; math question asked.

    Does this happen after providing the wrong login details once, twice, or more?

    I can’t give you the wp-admin URL

    Could you send it to me via the contact form above, so I can take a closer look at the communication between your site and the Protect API?

    Thanks!

    Thread Starter eddiemcham

    (@eddiemcham)

    They were logged in fine the first time. Then they logged out, and back in again very shortly afterward. I suspect the Protect plugin might’ve viewed this as brute-force attack behavior; hence the math question the second time. But that’s just my guess.

    Do you *have* to log into our system to diagnose? I don’t mean to be difficult, but I’m really not at liberty to give that information outside our team.

    Plugin Author Jeremy Herve

    (@jeherve)

    Jetpack Mechanic ??

    Do you *have* to log into our system to diagnose? I don’t mean to be difficult, but I’m really not at liberty to give that information outside our team.

    No, I don’t need any login credentials. I would just need to know your site URL so I can look at how the Protect API communicates with your site today, and if there are any issues with that communication.

    I suspect the Protect plugin might’ve viewed this as brute-force attack behavior; hence the math question the second time. But that’s just my guess.

    This is probably not the case, as the math fallback only appears if you fail to log in, if your IP has been flagged, or if your site fails to communicate with the Protect API.

    I’m thinking it could be a communication issue, but I’d need to run some tests to find out.

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Login Math question is not working’ is closed to new replies.