Regular password fields are hijacked

  • (Unloq, v. 2.1.14)

    Hello,

    I have several protected pages that students and clients need to acces by a regular old school password, standard method, no 2FA here.

    However, after entering a password (correct or incorrect) in the text field, I now get redirected to the Unloq login screen, which makes it impossible for other than me to acces the content.

    I really need this to stop, but I have no idea how. Where’s the checkbox that I missed?

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author unloqer

    (@unloqer)

    Hi Lars,
    Could you please include the plugin that you’re using to handle password protected links? So that we can see what the issue is

    Thanks.

    Thread Starter lmsoren

    (@lmsoren)

    Hi,
    There’s no plugin. Just a regular old password text field. Works fine without Unloq, redirects when Unloq is active.

    Plugin Author unloqer

    (@unloqer)

    Hi,
    When UNLOQ is set as “UNLOQ Only”, it disables any attempt on wp-login.php functionality (including postpass, register,retrievepassword,lostpassword,resetpass,rp).This is a wanted feature, since it blocks password authentication requests and only allows unloq-only requests.
    The easiest way of having it work is to set the Authentication type to “Password & UNLOQ as second factor”. This will then not block password-authentication requests.
    Let me know if this works for you.
    Regards

    Thread Starter lmsoren

    (@lmsoren)

    I would definately appreciate some level of control of what is affected by Unloq and what isn’t:

    With the plugin active and authentication type set to Password + Unloq, the user will never be able to login. Even after submitting the correct password, she is redirected to a Unloq screen that requires a different pass, that she doesn’t have.

    Unloq handles backend login beautifully once it is set up, but the rest is not so good IMO.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Regular password fields are hijacked’ is closed to new replies.