• I found a bug in the way that the plugin counts bad login attempts. The timeframe for counting bad login attempts is not being respected because of an error in the SQL.

    Users were repeatedly being locked out after only one attempt.

    The fix is as follows:

    In class-itsec-lockout.php

    This line:

    "SELECT COUNT(*) FROM " . $wpdb->base_prefix . "itsec_temp WHERE temp_date_gmt > '%s' AND temp_username='%s' OR temp_user=%s;",

    Should be:

    "SELECT COUNT(*) FROM " . $wpdb->base_prefix . "itsec_temp WHERE temp_date_gmt > '%s' AND (temp_username='%s' OR temp_user=%s);",

  • The topic ‘User Lockout after one attempt’ is closed to new replies.
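The precedence problem reported in the post above, reproduced as an added example (not code from the post or from the plugin): `AND` binds tighter than `OR`, so without parentheses the time window only restricts the username match. It assumes an in-memory SQLite table standing in for the plugin's MySQL table, `?` placeholders in place of `%s`, no table prefix, and constructed rows in which each failed attempt records both the username and the user id.

```python
import sqlite3

# The two WHERE clauses from the post ("before" and "after" the fix).
BUGGY = ("SELECT COUNT(*) FROM itsec_temp WHERE temp_date_gmt > ? "
         "AND temp_username = ? OR temp_user = ?")
FIXED = ("SELECT COUNT(*) FROM itsec_temp WHERE temp_date_gmt > ? "
         "AND (temp_username = ? OR temp_user = ?)")

# Constructed sample rows: (temp_date_gmt, temp_username, temp_user)
SAMPLE_ROWS = [
    ("2024-01-01 09:00:00", "alice", 7),  # old failure, outside the window
    ("2024-01-02 09:00:00", "alice", 7),  # old failure, outside the window
    ("2024-01-03 09:00:00", "alice", 7),  # old failure, outside the window
    ("2024-01-10 11:59:00", "alice", 7),  # the only failure inside the window
    ("2024-01-10 11:58:00", "bob", 9),    # another user, inside the window
]


def build_db(rows=SAMPLE_ROWS):
    """Create the stand-in table (assumed schema) and load the sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE itsec_temp "
               "(temp_date_gmt TEXT, temp_username TEXT, temp_user INTEGER)")
    db.executemany("INSERT INTO itsec_temp VALUES (?, ?, ?)", rows)
    return db


def count_failures(db, query, window_start, username, user_id):
    """Run one of the two queries with bound parameters and return the count."""
    return db.execute(query, (window_start, username, user_id)).fetchone()[0]


def compare(window_start="2024-01-10 11:55:00", username="alice", user_id=7):
    """Return (buggy_count, fixed_count) for the same user and time window."""
    db = build_db()
    return (count_failures(db, BUGGY, window_start, username, user_id),
            count_failures(db, FIXED, window_start, username, user_id))


if __name__ == "__main__":
    buggy, fixed = compare()
    # The buggy query parses as (date AND username) OR user_id, so every row
    # for user id 7 is counted no matter how old it is.
    print(f"without parentheses: {buggy}, with parentheses: {fixed}")
```
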