• Resolved saintandrews

    (@saintandrews)


    I’ve been using a common script in my child theme functions.php file to customize/override the default WordPress login page error message.

    function login_error_override()
    {
        return 'Login error override example';
    }
    add_filter('login_errors', 'login_error_override');

    With a recent update of Ninja Firewall (tested by disabling/enabling NF) the (overridden/customized) WordPress error message has been popping up every time NF passes my whitelisted username to the WP login page instead of only when a login error is actually made logging in; previously the custom error message only appeared when a login error was made at the WP login page. As mentioned, with NinjaFirewall disabled the default WordPress login page and my customized error message perform properly as they have all along, including with prior versions of NF.

    Any pointers to where I should look in NF settings or elsewhere to remedy this new behavior?

    Thanks.

    • This topic was modified 5 years, 6 months ago by saintandrews.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    How do you access the login page: /wp-admin/ or /wp-login.php?
    If you access /wp-login.php directly, then that’s normal because you will send a POST request to the NF brute-force protection form which will forward it to the wp-login.php. Because this is a POST request, the WP login page will throw the login error message (empty username/password).
    If you access it over the /wp-admin/ URL, then that’s not normal.

    Thread Starter saintandrews

    (@saintandrews)

    /wp-login.php

    But it has never previously thrown the login error message, only granted my whitelisted username and password access from the NF login screen to my logo-and-otherwise-customized WP one, displaying no error message, at which point I reenter my username and password, and I’m in.

    In other words, when previously given my whitelisted username NF has simply presented me with my underlying WP login page exactly as it appears with NF disabled, no error message or anything else different.

    OTOH, if I enter a random username and password on the external NF protection form, it simply refreshes itself, offering no other indications, patiently awaiting a whitelisted name.

    Plugin Author nintechnet

    (@nintechnet)

    I tried with an old NF 3.6 (December 2017) and it behaved similarly.
    The fact that it forwards the POST request to the WP login page triggers the login error.

    I think the only way to stop this is to add a reauth = 1 field to the NF HTML form.
    Can you try to access the login page /wp-login.php?reauth=1 instead and see if the problem is still there?

    Thread Starter saintandrews

    (@saintandrews)

    Brilliant. Yep, that fixed it.

    Thanks.
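An added example, not part of the original thread and not NinjaFirewall code: a second filter for the child theme's functions.php that discards the errors caused by a credential-less POST, so a generic `login_errors` override only appears for real failed logins. The function name is hypothetical, and it assumes the forwarded POST produces only WordPress's `empty_username` / `empty_password` error codes.

```php
<?php
// Added example (not from the thread). Hypothetical function name.
// Assumption: the POST forwarded to wp-login.php carries no credentials, so
// WordPress reports only 'empty_username' and/or 'empty_password'.

function example_drop_empty_field_errors( $errors, $redirect_to ) {
    if ( ! is_wp_error( $errors ) ) {
        return $errors;
    }

    $codes       = $errors->get_error_codes();
    $empty_codes = array( 'empty_username', 'empty_password' );

    // Act only when every reported code is an "empty field" code. Real
    // failures (unknown user, wrong password) are left in place, so the
    // generic message from the login_errors filter still replaces them.
    if ( $codes && ! array_diff( $codes, $empty_codes ) ) {
        foreach ( $codes as $code ) {
            $errors->remove( $code ); // WP_Error::remove(), WordPress 4.1+
        }
    }

    return $errors;
}
// wp_login_errors receives the WP_Error object before the login page renders it,
// which is earlier than the string-only login_errors filter.
add_filter( 'wp_login_errors', 'example_drop_empty_field_errors', 10, 2 );
```

With this in place, submitting the WordPress form itself with both fields blank also shows no message; any other failure still shows the generic override.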

  • The topic ‘Odd new login page behavior’ is closed to new replies.