wallyO

I do not have any instalations of the Members plugin at the moment but I can not see any support requests on www.remarpro.com about this issue, so it is possible that Justin is unaware of it.
If you want a solution from within the plugin it may be worthwhile making the plugin author aware of the problem.
A bug report made from
this url
should make him aware even though he does state that he does not answer support requests on www.remarpro.com (I think he still might read them)

login directly from the site

From this I assume you have a login form on the frontend of your site generated by a plugin, theme or a text widget you have created.
For this to work your users will need to have the wordpress_test_cookie being set on the frontend pages.
The code which sets it is in wp-login.php line 435-439 (which is why you can log in on the second attempt)
You could try adding that code to your functions.php so that the wordpress_test_cookie is generated for all pages/posts.
This method would not work if you had a caching plugin caching output to html.

I just had this happen.
In my case it was caused by my shortcut to login page missing www before the domain. This creates a mismatch in the wordpress_test_cookie Host.

SITE URL: https://www.domain.com
BAD LOGIN URL: https://domain.com/wp-login.php
Gives the message
ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.

SITE URL: https://www.domain.com
GOOD LOGIN URL: https://www.domain.com/wp-login.php
No Error.

OK. Thanks for concidering this request and for a very useful plugin.

Password tests on Easy WP SMTP v1.1.7
– Update from 1.1.4 to 1.1.7
– Go to CF7 form fill and send (success)
– Go to e wp smtp test form fill and send… (success)

No interaction with the Easy WP SMTP settings was required.
This issue is resolved in Easy WP SMTP v1.1.7

I think you will find that delivery issues in version 1.1.4 were caused by the incorrect email address being written to the Return-path: header.
In version 1.1.6 this has been corrected and easy smtp is writing the Return-path: correctly. (that is it is writing the smtp email address there)
Unfortunately 1.1.6 has another change that I consider unneccesary, with respect of making emails more deliverable. It forces a rewrite of the From: header.
This has the disadvantage of being less user friendly to the receiver of the email.
For the From: header I would prefer the Easy WP SMTP settings value only be used if the From: header has not already been written.
————————-
Password new tests
1. Update from 1.1.4 to 1.1.6
– Go to CF7 form fill and send (failure)
– Go to e wp smtp test form fill and send… (SMTP connect() failed.)
– Save e wp smpt settings, then,
– Go to e wp smtp test form fill and send… (SMTP connect() failed.)
– Re-enter password then save, then,
– Go to e wp smtp test form fill and send… (Test mail was sent)
– Go to CF7 form fill and send (success)

The Newsletter plugin code has changed.
$_REQUEST['nl'] = array(2, 3);
no longer works.

Ok. Looks like 2, 3 may be being sanitized.
Another tangent may be to give the checkboxs a value each (if WooCommerce checkout manager will do that) then process the $POST values with php to build the array.

$_REQUEST['ne'] = $_POST['billing_email'];
$_REQUEST['nn'] = $_POST['billing_first_name'];
$_REQUEST['ns'] = $_POST['billing_last_name'];
$nl_lists = array();
$allowed_values = array(1,2,3,4);
if(isset($_POST['cb1']) && in_array( $_POST['cb1'], $allowed_values ) ){
	$nl_lists = $_POST['cb1'];
}
if(isset($_POST['cb2']) && in_array( $_POST['cb2'], $allowed_values ) ){
	$nl_lists = $_POST['cb2'];
}
if(isset($_POST['cb3']) && in_array( $_POST['cb3'], $allowed_values ) ){
	$nl_lists = $_POST['cb3'];
}
if(isset($_POST['cb4']) && in_array( $_POST['cb4'], $allowed_values ) ){
	$nl_lists = $_POST['cb4'];
}
$_REQUEST['nl'] = $nl_lists;

Because of the way Newsletter filters email receivers by Subscriber Preferences (lists), I would try to use $_REQUEST[‘nl’] to add the subscriber to the newsletter list and the English language list.
Say , for instance you had
a newsletter list (1),
a receive promotional material list(2),
an English list (3) and
a French list (4)
I would use 4 checkboxs for the user to choose their preferences,
then use javascript to populate a hidden field with a comma separated list,
for instance Promo material(2) and English(3) would populate the hidden field with the value “2, 3”.
Then I would change the code in my first post to
$_REQUEST['nl'] = array($_POST['hidden_field']);
Then your subscriber would be added to the Promo and English lists.
When sending your mail in the Who Will Receive It tab choose those two lists and send your English Promo.
The tricky bit is writing your javascript!

I use Contact form 7 to write the ReplyTo header addressed to the form senders email address when sending form email with Easy WP SMTP.
It makes no sense to have a ReplyTo header on WordPress notification email.
It would be better if the plugin will only override “ReplyTo” if it is not present.
And it would be even better if it were to have an option to disable the “ReplyTo” function alltogether.
I will hold off on updating hoping for these abilities in the next version.
Thanks for a very useful plugin by the way.

I saw the same files uploaded to a site I oversee.
Also it was uploaded an older version of Gravity Forms (v1.8.9 )
Current Version is v1.8.22 (which has some security updates addressing issues like this one)

The exploit was automated, with 3 different ips trying the same sequence of http requests with a few hours of each other.

You should be concerned. While this file appears only to indicate to the attacker that they successfully uploaded a php file, and tries to invoke a php error or php_info output, they could have just as easily uploaded a shell, and they may have done this.

I restored a backup from well before the upload, updated all software and plugins and crossed my fingers that I acted in time.

Thanks,
that hack does work for me.
I added “fixed” on horizontal position
and “cover” on the background size
(css3 I know, but only site owner will visit that page).

Hi Libin,
My request is for a background attachment property for the Login Screen Background.
For a recent design I would have liked to have my background fixed, but the plugin applys scroll with no option to override it.
Thanks for the neat plugin, it makes me look good.

Check for difference in header.php between current version of 2012 and your child theme.
Current version menu button is a button
<button class="menu-toggle"><?php _e( 'Menu', 'twentytwelve' ); ?></button>

Previous version it was a h3
<h3 class="menu-toggle"><?php _e( 'Menu', 'twentytwelve' ); ?></h3>

New version references button in js/navigation.js
Previous version references h3 in js/navigation.js
Solution
Change h3 to a button in your child theme header.php

Resolved.