Page 1 of 1

Site Lock Out

PostPosted: November 4th, 2011, 11:48 am
by intuitdesign
Hi there,
I have S2 member installed on my client's WordPress site. The other day, for the 2nd time since his launch in Aug, the back end log in page had a "Max number of login tries. Try again in a half hour" message. This message appeared for everyone going to the back end to log in, and the message was up before we tried to log in.

Is there an emergency way to log into the site if you are an administrator of the site? It seems that there should be. My client was upset.

Thank you in advance for any information regarding this.
Jeff

Re: Site Lock Out

PostPosted: November 5th, 2011, 9:48 pm
by Cristián Lávaque
He's probably writing his password or username wrong, it's case sensitive. Remind him it's for his own protection that that's there, in case someone is trying to guess his admin login info. WP Admin -> s2Member -> Restriction Options -> Brute Force IP/Login

Re: Site Lock Out

PostPosted: November 6th, 2011, 6:18 am
by intuitdesign
The message was showing up for everyone that was a member of the site, so no one could log in. Not just the client. He has 100+ members on the site that could not log in. Please advise.
Thank you,
Jeff

Re: Site Lock Out

PostPosted: November 6th, 2011, 9:18 pm
by Cristián Lávaque
Everyone? That's very odd. I'll ask Jason how to deactivate that restriction while figuring out what could be causing the issue.

Re: Site Lock Out

PostPosted: November 7th, 2011, 2:27 am
by Jason Caldwell
Thanks for the heads up on this thread.

IP Restrictions do NOT apply to Super Administrators of the site, ever. On a standard WordPress install, they don't apply to any Administrator at all. IP Restrictions are only applied to non-admin accounts. So, logging into the site as an Administrator with the "administrator" Role should not trigger any errors.

Based on the is_super_admin() function for WordPress.
http://codex.wordpress.org/Function_Ref ... uper_admin
( this returns true for any Administrator on a standard WordPress install )

In emergency situations, you can apply this temporary hack if you like.

Create this directory and file:
/wp-content/mu-plugins/s2-hacks.php
( these are MUST USE plugins, see: http://codex.wordpress.org/Must_Use_Plugins )
Code: Select all
<?php
add_filter
("ws_plugin__s2member_disable_login_ip_restrictions", "__return_true");
?>

Re: Site Lock Out

PostPosted: November 7th, 2011, 11:05 am
by intuitdesign
Thanks so much Cristián and Jason! Just to be clear, the 'Max Log Ins' message was up on the log in page before I entered anything or tried to log in. I don't know if this makes a difference. It appeared for about an hour then went away and we were able to log in. Could this be a hack attack making the message appear?

I love S2 Member by the way!
:)

Re: Site Lock Out

PostPosted: November 8th, 2011, 3:53 pm
by Jason Caldwell
Thanks for the follow-up, and for the KUDOS!
~ Much appreciated.

intuitdesign wrote:Thanks so much Cristián and Jason! Just to be clear, the 'Max Log Ins' message was up on the log in page before I entered anything or tried to log in. I don't know if this makes a difference. It appeared for about an hour then went away and we were able to log in. Could this be a hack attack making the message appear?
Well, s2Member can't display a message like this without first knowing what User/Member was trying to log in. In fact, WordPress won't even display an error on this screen without first having data posted. Is it possible that you have another plugin installed which is also attempting to control the max failed logins?

Re: Site Lock Out

PostPosted: November 21st, 2011, 11:11 am
by intuitdesign
Hi guys,
I don't have another plug in controlling the log in.
This problem just happened again.

The hack you asked me to do is not working.

HELP!!

Re: Site Lock Out

PostPosted: November 21st, 2011, 12:31 pm
by Jason Caldwell
Thanks for the follow-up.
Hi there,
I have S2 member installed on my client's WordPress site. The other day, for the 2nd time since his launch in Aug, the back end log in page had a "Max number of login tries. Try again in a half hour" message. This message appeared for everyone going to the back end to log in, and the message was up before we tried to log in.

OK. So you've tried re-configuring your s2Member -> Restriction Options, as they pertain to Brute Force Logins and Unique IP Restrictions; and you've also applied the hack that I posted above; but you're still seeing this message on your login screen, even without having posted any user/pass?

If that's correct, I would start looking at your caching plugins. Do you have any plugins installed that are caching pages/objects/db queries? If so, you might disable that to see if it's the culprit. It almost sounds like you have a WordPress cache issue, or possibly a browser cache issue; where a previous error is getting cached for all future User/Members attempting to log in.

If problems persist, please post a list of all the other plugins you're running and we'll take another look for you. If you have a caching plugin installed, please tell us what your configuration of that plugin looks like.

You can also try this additional hack, which dynamically disables s2Member's Brute Force Protection.

Create this directory and file:
/wp-content/mu-plugins/s2-disable-brute-force.php
( these are MUST USE plugins, see: http://codex.wordpress.org/Must_Use_Plugins )
Code: Select all
<?php
add_action 
("ws_plugin__s2member_after_loaded", "s2_disable_brute_force_protection");
function s2_disable_brute_force_protection ()
    {
        $GLOBALS["WS_PLUGIN__"]["s2member"]["o"]["max_failed_login_attempts"] = "0";
    }
?>
s2-disable-brute-force.zip
(353 Bytes) Downloaded 71 times

Re: Site Lock Out

PostPosted: November 21st, 2011, 12:47 pm
by intuitdesign
This latest file worked and I was able to log in.
I will post more a little later re: plugins

Thank you Jason!
Jeff

Re: Site Lock Out

PostPosted: November 23rd, 2011, 10:00 am
by intuitdesign
Hi Jason,
Here is a list of the active Plugins:

AddToAny: Share/Bookmark/Email Buttons
Ad Rotator
Akismet
Avatars
Category Posts Widget
Constant Contact Widget 2.0
Contact Form 7
DD Simple Photo Gallery
Dewplayer
Google Analytics Dashboard
Google XML Sitemaps
Kimili Flash Embed
NIVO slider light
Page Links To
pageMash
Rave Player
Really Simple CAPTCHA
Reveal IDs
s2Member
Sidebar Login
WassUp
WP Hide Post

Re: Site Lock Out

PostPosted: November 23rd, 2011, 11:19 am
by Jason Caldwell
Thank you. These looks good.
Who is your hosting company please?
Do you have any PHP extensions running that are caching output?

Re: Site Lock Out

PostPosted: November 23rd, 2011, 11:30 am
by intuitdesign
The Hosting is Network Solutions.
There was a plugin activated called WP Super Cache, but when I checked on it, it said that it wasn't working properly and to change my permalinks. I just deactivated it this am. Could that have been the problem?

I don't know of any php extensions.

Thank you!
Jeff

Re: Site Lock Out

PostPosted: November 23rd, 2011, 1:32 pm
by Jason Caldwell
Yes, that could certainly have been the issue. Plugins like these require a careful configuration to get them working properly on a site with many different plugins. Another thing to keep an eye on, is your list of PHP extensions. Some hosting companies will use caching extensions for PHP that may conflict with the functionality of WordPress. You might send your host an email asking what, if any, caching is used on their network, and how it may affect your installation of WordPress.