Coming 2.7.5 logs and suggestions

User avatar
axew3
w3all User
w3all User
Posts: 2883
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Coming 2.7.5 logs and suggestions

Post by axew3 »

On 2.7.5:

w3all sessions keys Brute Force countermeasure
Since 2.4.0> the option Swap WordPress default Login, Register and Lost Password links to point to phpBB related pages
become Swap WordPress Register and Lost Password links to point to phpBB related pages.
The login in WordPress is required to be always available (even if it can be hidden by the normal site because you'll like to login users only in phpBB) because to unlock a blocked account due to a detected phpBB sessions keys bruteforce in WP, the user need to login into WordPress. The same user while/if logged in, is not affected. See more below how easy and secure the concept work.
viewtopic.php?t=80

This aspect, sometime very annoying when an user login in phpBB, and his ID result to be Bruteforced (even if it normally happen for session mismatching due to some other reason, and not due to a true bruteforce) in WP, will be resolved IF the integration will run together with the phpBB integration extension into phpBB, that will be updated to do the follow:
when an legit user login in phpBB, the phpBB code will check that the user's ID of this user do not exist into the WP bruteforce IDS array: if yes, will clean up the record so that when the user will return into WP, will not be forced to re-login again in WP.

2.7.5 will fix also:

* Fix: "fatal error due to the "wp_w3all_phpbb_login" hook not being found, happening when I'm logging in a user with the wp_signon() function ... ajax

more coming...
User avatar
axew3
w3all User
w3all User
Posts: 2883
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Re: Coming 2.7.5 logs and suggestions

Post by axew3 »

It is not about the WP plugin code, but the new version of the phpBB integration extension if/when used:

Coming 2.0.1:
Clean up the ID of the (successfully) logging in user, from the WP bruteforce array, so that when the user will visits WordPress, will not be redirected to re-login in WP, to unlock his presumed bruteforced account.
User avatar
axew3
w3all User
w3all User
Posts: 2883
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Re: Coming 2.7.5 logs and suggestions

Post by axew3 »

In the while, the phpBB extension version 2.0.0 has been removed and the
new phpBB WordPress integration extension v2.0.1 has been released:

Add
Remove the userID from the w3all WordPress bruteforce array, when the user succesfully log in phpBB (this option require the wp-w3all-phpbb-integration plugin installed into WordPress to correctly work, do not activate this option if the integration plugin has not been installed into WP):
Minor fixes

viewtopic.php?t=1783
User avatar
axew3
w3all User
w3all User
Posts: 2883
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Re: Coming 2.7.5 logs and suggestions

Post by axew3 »

The WP_w3all plugin 2.7.5> REMOVE the login widget that's really not useful and obsolete.

w3all_login_widget()
and related hook
add_action( 'init', 'w3all_login_widget');

Removed on 2.7.5
User avatar
axew3
w3all User
w3all User
Posts: 2883
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Re: Coming 2.7.5 logs and suggestions

Post by axew3 »

Remove append/addition of /index.php into two instructions on both files
page-forum.php
and
wp_w3all_phpbb_iframe_short.php
code

viewtopic.php?p=6064#p6064
User avatar
axew3
w3all User
w3all User
Posts: 2883
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Re: Coming 2.7.5 logs and suggestions

Post by axew3 »

2.7.5 has been released

Code: Select all

== Changelog ==

= 2.7.5 =
*Release Date - 16 Nov, 2023*
* Fix: "fatal error due to the "wp_w3all_phpbb_login" hook not being found, happening logging in a user with the wp_signon() function (called via ajax)": see https://www.axew3.com/w3/forums/viewtopic.php?t=1805
* Remove: the Wp_W3all Login Widget has been removed
* Minor fixes
Post Reply