wp_login_failed event is not triggered

Thank you for reaching out to us.

Is it possible that the simple-membership plugin interferes with the wp_login_failed hook?

As far as I know, no it does not interfere with wp_login_failed hook. However do you have any addons for our plugin that manages the login process? Do you have any other plugins that triggers the wp_login_failed hook installed in your site?

You might like to try the following troubleshooting steps. This could help you find out if another plugin or your theme might be causing this issue in your site.

https://simple-membership-plugin.com/forums/topic/test-for-plugin-and-theme-conflict-before-posting-an-issue-or-a-bug/

Kind regards.

• This reply was modified 4 months, 1 week ago by mbrsolution.
• This reply was modified 4 months, 1 week ago by mbrsolution.

Thank you for your reply.

I have the following add-ons: SWPM Misc Shortcodes, SWPM Partial Protection, SWPM Show Member Info.

Yes, I use [swpm_login_form] that manages the login on my site.

Give me a bit of time to do some testing later today, by temporarily removing the [swpm_login_form], and also testing for plugin conflict, with the steps from the link above.

I’ll get back to you with my test results.

Greetings from Liviu

I have done the Plugin Conflict Test (as indicated in the link above), I have disabled all the plugins except two: the Simple-Membership plugin and my own little plugin:

function efpf_on_login_failed($username, $error) {
? ?error_log('Fired!');
}
add_action('wp_login_failed', 'efpf_on_login_failed', 10, 2);

I have also switched to WordPress Twenty Twenty-One?theme.

The issue remains: wp_login_failed hook is not fired when I fail to login via the [swpm_login_form]. And the wp_login_failed hook is fired when I fail to login via the wordpress wp-admin page.

By the way, the wp_login and wp_logout hooks always work with the Simple-Membership plugin and with the [swpm_login_form]:

function efpf_on_user_login( $user_login, $user ) {
error_log('Logged-in!');
}
add_action('wp_login', 'efpf_on_user_login', 10, 2);

Any ideas?

Greetings from Liviu

Thank you for providing more information. I have submitted a message to the developers to investigate further your issue/findings.

Kind regards.

Thanks! Looking forward to hearing from you.

Greetings

Hallo?@mbrsolution,

Were the dev team able to reproduce my issue? I’m really curious.

I have retested the ‘Plugin Conflict Test’ with the latest WordPress version 6.6.1. that just came out, running Twenty Twenty-One theme => the issue is still present.

Greetings from Liviu

The developers are still investigating this issue. I will let you know once I hear from them.

Kind regards.

Hi, When the login operation is initiated from our plugin, the ‘wp_login_failed’ hook will not be triggered because our plugin’s login process differs from the standard WordPress (WP) login process. The ‘wp_login_failed’ hook will only work if the login is initiated from the standard WP login page, not from our plugin’s login page.

To address this, we have added a new hook in our plugin that triggers when our plugin’s login process fails. If you upgrade to the latest version of the plugin, it will trigger the following action hook upon a failed login authentication:

swpm_login_failed

Let me know if that can work for your customization.

Thanks for the update!

On my site, site administrators cannot login as swpm members via the?[swpm_login_form], and I would like to keep it that way, for security reasons.

Please find below my test results for the simple-membership version 4.5.0

Test 1: FAIL

Successful login in the wp-admin dashbord initiated from the standard wp login page, by an site administrator role, unexpectedly triggers the swpm_login_failed hook. wp_login_failed hook is not triggered, as expected.

Test 2: PASS

Successful login in the wp-admin dashbord initiated from the standard wp login page, by an swpm member does not trigger the swpm_login_failed hook, as expected.

TEST 3: FAIL

Failed login in the wp-admin dashbord initiated from the standard wp login page by an site administrator (wrong password) triggers the swpm_login_failed hook and also triggers the wp_login_failed hook. I did not expect here both hooks to be triggered, I expected just one hook to be triggered.?

Test 4: PASS

Failed login via the?[swpm_login_form] by a non-existing member correctly triggered by the swpm_login_failed hook. wp_login_failed hook is not triggered.

Test 5: Pass

Failed login via the?[swpm_login_form] by an existing member correctly triggered by the swpm_login_failed hook. wp_login_failed hook is not triggered.

Conclusion

2 out of 5 tests failed.

Test 1 shows really a bug and should be solved.

Test 3 shown inconsistencies with the rest of the cases. Either (1) suppress the triggering of wp_login_failed hook as in the rest of the swpm cases or (2) do not trigger the swpm_login_failed hook.

Greetings from Liviu

Hi, Thank you. I think the login failed hook was getting triggered for admin user entries that didn’t have a corresponding SWPM user. I have updated the condition for the ‘swpm_login_failed’ hook that should help with that so the behavior of this hook is closer to what you expect. Below is a version of the plugin where I have made the changes so you can test it out.

https://simple-membership-plugin.com/wp-content/uploads/simple-membership.zip

Hallo?@mbrsolution,

Thank you for creating the update.

the login failed hook was getting triggered for admin user entries that didn’t have a corresponding SWPM user

Yes, that is what I also thought.

Please find below my test results for the patch.

Test 1: PASS (was fail)

Successful login in the wp-admin dashbord initiated from the standard wp login page, by an site administrator role, does not trigger ‘swpm_login_failed’, does not trigger ‘wp_login_failed’, as expected.

Test 2: PASS

Equal to simple-membership previous version.

Test 3: PASS (was fail)

Failed login in the wp-admin dashbord initiated from the standard wp login page by an site administrator (wrong password) triggers the ‘wp_login_failed’ hook, as expected. ‘swpm_login_failed’ hook is not triggered, as expected.

Test 4: PASS

Equal to simple-membership previous version.

Test 5: PASS

Equal to simple-membership previous version.

Conclusion

All tests pass!

Thanks for fixing the issues!

Greetings from Liviu

Just occurred to me, when the inputs (login name / password) are empty, there is a difference between triggering ‘wp_login_failed’ and ‘swpm_login_failed’.

Logins with empty inputs, initiated from the standard wp login page, show user “Please fill this field” without triggering the ‘wp_failed_login’. The input fields validation is done first, only when both input fields are not empty, a login attempt is initiated.

[swpm_login_form] login is different. When one of the input fields are empty, ‘swpm_login_failed’ is triggered. It seems that [swpm_login_form] does not validate first the non-empty inputs, before attempting login.

Maybe you could bring the behaviour of inputs validation of [swpm_login_form] in line with the wp login behaviour. That is: attempt to login when both fields are non-empty.

Greetings from Liviu

Another difference.

When the input fields (login name / password) contain only white-spaces (one or more), wp login does not trigger ‘wp_login_failed’. [swpm_login_form]?triggers ‘swpm_login_failed’.

Could also bring this in line with the standard wp login behaviour, that is validate first before attempting to login.

Greetings from Liviu

Here is how the logic of our plugin’s ‘swpm_login_failed’ hook work at the moment:

When the SWPM plugin’s login form is submitted, if for any reason the login was not a success, it will trigger the failed action hook.

If a user has entered an empty value and submitted the login form which resulted in a login failure, it will trigger the hook. I like the idea of triggering a failed hook for when the login form submission has resulted in a failure for any reason. We may look at adding another new hook to cater for a different condition.

I understand that another plugin’s or WP’s login process will do things slightly differently. Our plugin’s login process will differ from others. Attempting to compare or align it with another login process, may lead to disappointment.

may lead to disappointment

No worries, no disappointment.

Thanks.