justinwhall

I don’t own the holygrail.com but this site receives ~half a million page views a day. With out getting into the debate as to wether enumerating usernames “leaking” as you put it, is a security risk – it’s not in this case.

wp-login.php does not have a login form at all. We’ve removed the default WP auth form in favor of Google OAuth. Try as you may to use usernames but it will never work. You’d need to use and be logged into the gmail email address (and double auth for that matter).

So why is iThemes logging “failed login attempts” if there is literally no <form> element to POST to? Ah! Excellent question! If you pop open your terminal and send a POST request to /wp-login.php of any kind, iThemes logs it despite the absence of an actual form. Seeing as we already have NGINX logs, this information is especially useless.

Nah. Script kiddies. The normal attempts you seen on any WP site with decent traffic. In my case it’s 60 or so sites.

admin:1234, attempts at author logins, repeated bad logins etc…

I don’t need a scan. I need to disable logs ??

We don’t log 404s. The logs are blocked IPs only due to failed logins/malicious requests etc so nothing we can do there. The plugin is configured to log as little of possible actually.

Do you have the same user in two environments at Stripe? Can you reset the dev environment? Wipe out all customers/users.

Then at this point, the issue is not the plugin but something else. I can’t say for sure but my guesses would be one of the following:

1) Your theme is conflicting with the plugin (try a different one)
2) You have something weird going on with your browser. Addon or something. (try a different one. Ideally chrome).

tldr, the inputs are there and are likely being hidden by some CSS.

Sounds like you are not an admin. Can you have someone upgrade your user?

Sure! I have a donation page here: https://littlebot.io/make-a-donation/

How do you mean? Environment settings are the same page you added your API keys.

https://www.dropbox.com/s/cm55ad5mfnx4wx2/Screenshot%202019-03-28%2008.36.27.png?dl=0

Docs -> https://littlebot.io/docs/littlebot-ach-for-stripe-plaid/configuration/

If you do not have production access, you can not make production API calls.

Yes, development comes with 100 free transactions but you need to actually use development.

According to that message one of the following is the issue:

1) Your API keys are incorrect
2) Your API keys do not have access to the production environment

• This reply was modified 5 years, 12 months ago by justinwhall.

Hello – Could check the console for any errors?

Yes, email appears if you are loggedin. Otherwise you must add it. I try to not get too much into CSS and let the theme take care of that so there are no conflicts. Thanks!

Also working on a solution!

Hey Jeff –

I’m aware of the slow load time in some instances. Do you have a lot of stripe customers? If you don’t mind me asking how many do you have?

Hey there. You can find the change log here. Let me know if you have an specific questions.