[Plugin: Login Security Solution] Cannot Login To Site

  • Resolved Mike

    (@mgriffis)


    13 years, 9 months ago

    This morning, neither my client or I were able to login to the website where yesterday I had installed LSS.

    It is likely I caused this problem, but let me recount the sequence of events, as best I can recall, to get your advice before proceeding:

    1) While trying to lock down the site, I changed permissions for config.php to 400 and tried to access the site. I received a flood of mySQL errors:

    Warning: mysql_real_escape_string(): 8 is not a valid MySQL-Link resource in …/wp-includes/wp-db.php on line XXX (many lines of this error)

    2) At this point, I could not log into the site. I restored the config.php permissions, but received message that my password needed to be changed. I did so, a couple of times.

    3) Apparently at more or less the same time, my client was trying to login, and received the same error. She also reset her password several times.

    4) I received 9 emails from the site saying POTENTIAL INTRUSION AT (sitename)

    I was able to delete the plugin via FTP access, and can now access the site’s admin section.

    If it matters, the DB table “wp_login_security_solution_fail” is intact, as is the login security data from the _usermeta and _options tables.

    My questions:

    A) Did my changing permissions on config.php have any effect on LSS?

    B) I would like to reinstall your plugin. How would you recommend that I proceed?

    http://ww.wp.xz.cn/extend/plugins/login-security-solution/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Daniel Convissor

    (@convissor)

    13 years, 9 months ago

    Hi Mike:

    The proper permissions for wp-config.php depends on the way your web server works. Most likely, you’ll need chmod 440. This may be, but probably is not, related to the LSS issues you’re encountering.

    Can you please read the “The password reset behavior…” passage of the following post:
    http://ww.wp.xz.cn/support/topic/plugin-login-security-solution-password-reset-loop?replies=3#post-3036352. Does that apply to your situation?

    I assume you and your client have distinct user accounts and are not sharing them.

    What other plugins do you have installed? If there are any others, have you read my plugin’s FAQ? http://ww.wp.xz.cn/extend/plugins/login-security-solution/faq/

    Are you running a stand-alone installation of WordPress, or are you running a multisite network installation?

    Are you behind a proxy or load balancer?

    Can you dump the contents of your wp_login_security_solution_fail table and email it to me at [email protected]?

    As far as reinstallling, just put the plugin files back in place and you should be good to go. WordPress may want you to reactivate it, so check the Plugins page in wp-admin.

    –Dan

    Thread Starter Mike

    (@mgriffis)

    13 years, 9 months ago

    Can you please read the “The password reset behavior…” passage of the following post:
    http://ww.wp.xz.cn/support/topic/plugin-login-security-solution-password-reset-loop?replies=3#post-3036352. Does that apply to your situation?

    I don’t believe so. I was trying to login legitimately, as was my client.

    I assume you and your client have distinct user accounts and are not sharing them.

    That’s correct.

    What other plugins do you have installed? If there are any others, have you read my plugin’s FAQ? http://ww.wp.xz.cn/extend/plugins/login-security-solution/faq/

    I have a number of plugins, but not Better WP Security. I’ll email the list to you along with the _fail table.

    Are you running a stand-alone installation of WordPress, or are you running a multisite network installation?

    Standalone.

    Are you behind a proxy or load balancer?

    No.

    Can you dump the contents of your wp_login_security_solution_fail table and email it to me at [email protected]?

    Yes. Done.

    As far as reinstallling, just put the plugin files back in place and you should be good to go. WordPress may want you to reactivate it, so check the Plugins page in wp-admin.

    I’ve done this. I was immediately bounced out of the admin section, but was able to successfully change my password and login back in.

    Plugin Author Daniel Convissor

    (@convissor)

    13 years, 9 months ago

    Hi Mike:

    Thanks for sending me the detailed information via email.

    I tracked down and fixed the problem with the not a valid MySQL-Link resource issues. It happens when invalid auth cookies are presented. That was happening due to multiple browsers being used, with the password having been changed in one and not the others. The problemis the auth cookie check happens very early in the process, so my database close call (before sleeping) leaves WP unable to render the rest of the page.

    The required password resets you and your client encountered were due repeatedly trying incorrect passwords. You 8 times, your client 5, then 3 other passwords 2x each. (Perhaps some were auth cookies, I don’t know.) Anyway, I added some logic to only track a given IP, user, password combination one time. This will cut down on the problem you hit.

    I also suggest having a user name other than “admin.” I added an explanation to the plugin’s FAQ.

    All of this is in the new release, 0.22.0.

    Thanks again,

    –Dan

    Thread Starter Mike

    (@mgriffis)

    13 years, 9 months ago

    Thanks for your help, Daniel.

    I’ve installed v0.22.0, and so far, so good. I’ll let you know if I see any other unexpected behavior.

    And I’ve deleted the admin account. Thanks for the reminder.

    Mike

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘[Plugin: Login Security Solution] Cannot Login To Site’ is closed to new replies.