I’m not sure what you mean by “different email ids”… …

By 29th March 2024 Uncategorised

Comment on How To Add 2-Factor Authentication Login To Your WordPress Sites by Paul G..

I’m not sure what you mean by “different email ids”… what is this?

The email will be sent to the email address registered for the given user you’re trying to login as.

If the email is not sent, your WordPress site has issues with sending emails and you should look into this. The plugin simply uses the native WordPress wp_mail() function and if this doesn’t work, then your site hosting has email sending problems.

I hope this helps you narrow down the problem.
Thanks,
Paul.

Paul G. Also Commented

How To Add 2-Factor Authentication Login To Your WordPress Sites
This plugin doesn’t rename any files, or write/touch/look at any .htaccess or WordPress core files (especially admin). I’m not sure what you’ve done, or perhaps there are other WordPress plugins you’ve used or at play interfering here.


How To Add 2-Factor Authentication Login To Your WordPress Sites
Hi Robert,

I’m really not sure what’s happening here. That text isn’t even in the plugin… can you confirm what message is being shown? Thanks.


How To Add 2-Factor Authentication Login To Your WordPress Sites
Hi Mike,

Sorry for the trouble you’re having here. I’ll take a look at the code and see if there’s any bug in there pertaining to the same IP address.

I assume you were both using different computers (at least different browsers) ?

When you say “locked out” what exactly do you mean? What was happening to lock you out of the site?

Thanks,
Paul.


Recent Comments by Paul G.

Security: Hide The WordPress Login and Admin Pages (wp-login.php)
Hey Rob,
Brilliant news… Glad it’s working so well for you!


Part 5: Ultimate Comment SPAM Killer – Shield WordPress Security Plugin
Why does WordPress need to do that? I’ve no idea… that’s the way the author of this particular code decided to implement this. 🙂

My approach is to take each “spam” word/pattern and I use “stripos()” on each item of the comment that needs to be checked.

The truth is that efficiency isn’t hugely important in this area because it’s only run when a comment is posted. I could probably optimize my approach too, but again, it’s not critical.

Further reading: http://lzone.de/articles/php-string-search.htm


Part 4: Login Protection – Shield WordPress Security Plugin
There’s nothing you can do about that unfortunately if the bots are cracking away at your page. Most bots would get blocked by the automatic blacklist if they’re repeatedly hitting you with this.

As to XML-RPC, we have a couple of options ranging from by-passing the login/user sessions systems to completely disabling it:
https://www.icontrolwp.com/2015/10/automatically-block-brute-force-amplification-attacks-against-wordpress-xmlrpc/


Further WordPress Admin Access Lockdown
Eileen, Lynn,

The automatic updates system is WordPress-controlled and run on a WordPress cron. The Security admin access shouldn’t affect this. If you have enabled automatic updates, but restricted the system using the admin access and you find it’s not working as it should, please let me know in the support forums.

To your first question, if you enable this Security Admin system and lock-down any features, then you must, as an administrator or not, authenticate with the Security Admin system before you can make changes to the zones that have been restricted.

Let me know if it’s still unclear and I’ll elaborate further on areas you need.
Thanks!


Part 5: Ultimate Comment SPAM Killer – Shield WordPress Security Plugin
This is something that you’ll have to test with your particular installation(s) and configuration. Aggressive page caching will probably affect this functionality, but that is the double-edged sword that is “caching”.

I’d be interested to hear what you find with your tests.

Thanks!


x Logo: ShieldPRO
This Site Is Protected By
ShieldPRO