Wordpress Update

User avatar
axew3
w3all User
w3all User
Posts: 2883
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Re: Wordpress Update

Post by axew3 »

i updated wordpress here to last yes, i'm on 2.3.9, the simply code hardly fail on any wp update.
The plugin tag has been updated to show that 2.3.9 is compatible with last 5.6 wp, at wp.org repo
https://wordpress.org/plugins/wp-w3all- ... tegration/

And very soon this online install will switch to the integration plugin 2.4.0, when RC4 will be released in these days.
So before the Christmas day, 2.4.0 should be released as little gift!

About all the rest and the 301 plugin problems, let me investigate asap to check if i can understand where the problem could come out.
When i said that not too much changed into 2.4.0 about bruteforce, i was wrong.
It change little but it is important. I applied and followed the logic, where on next RC4 there are two main differences: the username is not used anymore to be stored into the bruteforce array, and the code only follow if a phpBB uid is great than 2.
That i hope it is not the reason of the NULL value you get in the case you present. ANd why i do not get into my test with 2.4.0
I will check asap.
User avatar
DjPorkchop73
User www
User www
Posts: 80
Joined: Thu Aug 20, 2020 6:45 pm
Location: Egyptian Valley of Illinois

Re: Wordpress Update

Post by DjPorkchop73 »

Hello.

After some hours of trying, I think I replicated the problem and know why it happened. It was coincidental between 3 things gone wrong (I think).

1. For 100% certain my 301 redirect plugin is corrupted or bugged and causing errors.
2. When the errors happen, I immediately get logged out of WordPress.
3. When I get logged out of WordPress I am taken back to my phpBB3 to Login.
4. Oddly enough, login fails. So I try 1 more time but again Login fails.
5. I manually type in my CHANGED secret login link. Login still fails
6. Instead of Brute Force, I get that fatal error I reported.

Now notice the bold word CHANGED? In WP All in One Security I changed my login page to a secret link instead of the standard login link. So instead of http://mydomain.com/wp-admin/ it is now http://mydomain.com/mysecretword/

Here is what I did to replicate the error and solve (I think) the error.

I revisited 301 redirects, got errors and was logged out. Attempted logins, no Brute force but once again a fatal error. Ok Good! I reproduced!

Now I clear cookies and cache and close my browser and wait for a few minutes while I go and grind some good coffee beans and create a fantastic brew!

I reopen my browser, I turn 301 redirects OFF. I shut off the rename login page in WP All in One Security and now it is default WordPress Login link again. Now I intentionally turn on the option to log me out of WordPress after X amount of time (for testing purposes only).

Now I get logged out. Great! Just as planned. I get taken to phpBB and I attempt a login. Success! Now I revisit my Admin Dashboard and enjoy my brew long enough to be logged out again. Now I am redirected back to phpBB where I intentionally enter the wrong info. This time I get phpBB3 All Brute Force and redirected back to WordPress Login just as your plugin was intended to do! Success!

So it is my guess that :

1. My 301 Redirects Pro is corrupted and the company needs to help me fix it since it is the Pro version.
2. I do not think ti is at all advisable to EVER rename the default login link to WordPress when using phpBB integration plugin. You pointed out in another post where you showed us how to secure our install with Brute Force and said that is really all it needed. You are 100% correct. I should have never renamed my login link.

If you or anyone can rename their link on a test board and try this out to verify my assumptions that would be great. I might have just saved someone a major headache in the future.

My website is back online and working spot on. https://paparayphotography.com (hide link if you feel necessary).
If I could I would. If I don't, it's because I am lazy!

"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley
User avatar
axew3
w3all User
w3all User
Posts: 2883
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Re: Wordpress Update

Post by axew3 »

Thank you for precious and precise report.
I will test things between today and tomorrow, when all my free weekend time will be dedicated to finally check the 2.4.0 into any configuration.
I'm preparing (mess) documentation that's still under construction (divided because it is intended that it is possible to integrate one or other way, switching to one or other any time, if required):

WP to phpBB way:
https://www.axew3.com/w3/wp-w3all-wordp ... nd-how-to/

phpBB to WP way:
https://www.axew3.com/w3/2020/12/wp-w3a ... wordpress/
User avatar
DjPorkchop73
User www
User www
Posts: 80
Joined: Thu Aug 20, 2020 6:45 pm
Location: Egyptian Valley of Illinois

Re: Wordpress Update

Post by DjPorkchop73 »

My apologies for not replying back any sooner with further updates. I had some family emergency.

Since we last spoke, I have disabled the plugin that was causing errors and causing me to be logged out relentlessly. I also renamed my login link back to WordPress original and I rely on the strike system using WP All In One Security. Since I reverted all these settings and changes, I have not had 1 single fatal error since. All is well.
If I could I would. If I don't, it's because I am lazy!

"Don't gain the world and lose your soul, wisdom is better than silver and gold" -Bob Marley
User avatar
axew3
w3all User
w3all User
Posts: 2883
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Re: Wordpress Update

Post by axew3 »

https://www.axew3.com/w3/forums/viewtop ... 4960#p4960

on rc 4? Going to test today all things again.
Not going to check some function that still need to be fixed, that is shortcodes related and for certain cases.
The ban function will be fixed and, as code is on rc4, it has been shorted again, fixing unwanted code calls and removing more inconsistencies.
It should be near to be perfect.
The bruteforce has been fixed to: store less data, work fine in any situation.
The plugin throw warnings errors on php8, like memeberpress, buddypress and several others.
It is already fixed into my actual test install which i do not go to post as rc5, and that adjust several things more: moving directly to the 2.4.0 main release in short if all will be ok, that will be also fully php8 compatible.

So worried to find out the time to finish all within 1/2 days! But it need to be this way.
Online install guides have been updated, removed some stupid assertion on it, and i hope are now containing all the needed easy explain on how to manage things.

p.s just installed here online, i will follow testing on multisite and buddypress.
It is really faster and all seem fixed (it seem at moment!)
Post Reply