natkinson
Forum Replies Created
-
Forum: Plugins
In reply to: [Post Thumbnail Editor] ACF PRO conflict – Mismatched anonymous define[…]Same issue here. In my case wp_debug = false didn’t solve the issue. Only after disabling ACF Pro (5.6.7) could I edit thumbs like normal.
With ACF Pro enabled, I can edit an image from a page or post. Using via Media fails as described by others.
Correct. I supplied some more information on the ticket I submitted regarding this issue, which got no further response from UM support.
From everything I’ve seen, UM’s excuse is that FB does not require 2FA for users. Unfortunately this argument isn’t really an equivalent situation, as I’m sure FB employees have some sort of security precautions in place.
I do hope UM figures this out sooner rather than later, as such an oversight can make it impossible to use their plugin in many situations, no matter how great it is otherwise.
Agreed. But given that I need cell phone sign in working and I don’t have time to rewrite the UM functionality we’re using, it’s what I have to do.
UM’s only suggestion was to try a prerelease version (didn’t change behavior). I’ve not heard back since I informed them that the problem persisted.
I’ve found a very hacky workaround that finally has gotten Wordfence cellphone sign in working. Unfortunately, it’s meant making a few changes to core files, which of course broke the UM login form. We will now be working to replace the UM login with a customized WP login page.
This of course means I’ll be unable to update UM without making (and testing) the changes again in the future.
Please realize that security is not only a want but becoming a must for many sites. I love the plugin, but moving forward will not be able to use it for any other sites until this issue has been addressed.
I’ve found a very hacky workaround that finally has gotten Wordfence cellphone signin working. Unfortunately, it’s meant making a few changes to core files in Ultimate Member (UM). This has broken the UM login form, which will be replaced by the WP login page (which will be customized to match the look).
This of course means I’ll be unable to update UM without making (and testing the changes again).
Given that these changes could have wider ranging impacts on other sites that have different functionality and requirements (or even different versions of UM), I don’t feel good about sharing them right now.
Hopefully the UM team sees this and realizes that security is not only a want but becoming a must for many sites.
PS. If there’s no way to get Wordfence’s cellphone sign in to work with UM, are there any plugins that UM is compatible with that provide cellphone sign in or comparable security?
Thanks!
Dear UM Support,
I tested pre-release version 1.3.84.22 without any change in behavior. Wordfence is still being prevented from prompting an admin for a cellphone code (and one being sent). From the research I’ve done, it looks like this is being caused by a 302 redirect before any other functions can fire off the same hook.
I’ve started to look into the UM code to see what the culprit may be. It is a requirement that we enable cellphone sign-in. Any other suggestions?
Thanks
Thanks for the quick input.
I’ve already heard back from the Wordfence team, which confirmed that this is a known issue with Ultimate Member (UM) and that any fix would have to come from the UM plugin.
Should I figure something out, I’ll post it here. Unfortunately it will probably have to be a “hack” that impacts basic functionality of UM and not of much use to many people.
abbyptan,
Did you ever hear from the Ultimate Member team or figure this out?
I’m trying to overcome the same issue. I’ve even enabled the default wp-login.php page, but Ultimate Member prevents 2FA cellphone sign-in from the default login page as well.
I did a quick test, deactivating Ultimate Member and had no issues then.
Thanks!