Force Logout Error

  • Resolved doqman

    (@doqman)


    5 years, 1 month ago

    I see a couple of active logins in All in One that I don’t know who they are or what they are for. They are using the admin profile.
    When I try using the Force Logout option it says it completed but the active users stay active.

    Is there anything else I can do to log those connections out.

    I am using Cloudflare on this domain/DNS.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    5 years, 1 month ago

    Hi,

    They are using the admin profile.

    Have you enabled one of the Brute Force feature in our plugin, like Rename Login Page?

    Regards

    Thread Starter doqman

    (@doqman)

    5 years, 1 month ago

    Thanks for the reply. I have not tried that but I will.
    If they are logged in now and I cannot Force a logout, won’t they still be in until they decide to log out?

    I am considering trying to move the whole site.

    In the end it may not be hackers but I can’t be sure.

    Thread Starter doqman

    (@doqman)

    5 years, 1 month ago

    Is there a reason the Force Logout feature should not work?
    We changed the passwords so if we can get the logins removed that should buy us time to review.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    5 years, 1 month ago

    Hi, are these logins related to your login IP address? Do they appear every time you log in?

    If yes, go to WP Security -> Settings -> Advanced Settings and select HTTP_CF_CONNECTING_IP from the dropdown list.

    Let me know if the above helps you.

    Thank you

    Thread Starter doqman

    (@doqman)

    5 years, 1 month ago

    Yes I think that fixed it. It went from 17 connections down to just the one I was using.
    What did changing that setting actually do?

    Thanks for the help

    Plugin Contributor mbrsolution

    (@mbrsolution)

    5 years, 1 month ago

    Hi,

    What did changing that setting actually do?

    The IP Retrieval Settings allow you to specify which $_SERVER global variable you want this plugin to use to retrieve the visitor IP address. By default this plugin uses the $_SERVER[‘REMOTE_ADDR’] variable to retrieve the visitor IP address. This should normally be the most accurate safest way to get the IP. However in some setups such as those using proxies, load-balancers and CloudFlare, it may be necessary to use a different $_SERVER variable.

    Kind regards

    • This reply was modified 5 years, 1 month ago by mbrsolution.
Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Force Logout Error’ is closed to new replies.