Whenever I open my website admin https://www.examplesite.com/wp-admin
it is redirecting to homepage.
Edit: This answer was using the original URL as given by OP, and later edited/removed by David.
It works fine for me - presenting the admin login screen as expected, so maybe too many bad logins from your IP / address and it's therefore redirecting you.
Try logging in from a friends computer or via Tor Browser and then reset the list of banned IPs?
Or if you have access to the database (and knowledge thereof) you can clear the table of bad login attempts to re-enable your usual access.
Related
First of all, I'd like to preface this post by stating that I know this is a terrible user experience...
I have a client who would like to prevent site visitors from sharing login credentials.
Because this is a corporate marketing site, social login is not an option.
The client claims that there is a site where upon registration, a cookie is dropped onto the user's device and the user is also given a unique password that will only work on that specific device.
Does anyone know how to make this work using Wordpress? (I'd like to avoid using third party plugins)
This sounds like the use of Single Sign On (SSO) or 2 factor Authenticaton (2FA) will be needed. The SSO Wikipidea page references a cookie based solution for TCP/IP networks https://en.wikipedia.org/wiki/Single_sign-on so perhaps that's how this came up from your client.
Once you identify what your options are with that, based on what your client is using for authentication, then set up may be a bit easier. I think a plugin would save you a lot of time, since this is a pretty elaborate task. This one may do the trick https://wordpress.org/plugins/miniorange-saml-20-single-sign-on/
Regardless it's pretty challenging to prevent the sharing of credentials. SSO may be a deterrent if that gives access to something else that user doesn't want to share. 2FA doesn't prevent a user from sharing the pin thats generated too. Perhaps the only real way is to require an IP match on a device with bio-metric authenticaton.
Is it possible allow a visitor to see only a post?
I think it would be safer if it is restricted by IP instead by cookies.
For instance the plugin WP POST RATINGS of Lester Chan has the option to allow 1 voting by IP.
If you’re not requiring a login, Cooke’s or local storage are you’re only viable solution.
IP checks are flawed in that any number of users on a local network will make requests from the same public IP address.
I understand your concern but most users are not incentivized or knowledgeable enough to understand that clearing their cookies would potentially allow a second “vote”.
So unless you go to a full Auth system you’re better off with cookies.
Hide another pages for visitor. You can use "Anonymous Restricted Content" plugin for hide page for not logged in users.
I cannot login to 2 of my WordPress sites (running on the same subdomain). After login I didn't get a message that my credentials are incorrect, but the page reloads and I'm back to the loginpage.
Password rest link doesn't work, he says 'invalid key'. Key = domain.com/wp-login.php?action=rp&key=k5ZhuvbXgAofh0Yql8VK&login=username
Password reset via database doesn't work too. Changed the password to the value given by http://www.passwordtool.hu/wordpress-password-hash-generator-v3-v4 (testtest), but I'm not able to login with the new username/password (still the same result: no error message)
I didn't changed anything to those website the last 2/3 weeks. Maybe an automatically update has changed something. Site urls are correct.
One site is running WP Limit Login Attempts (https://nl.wordpress.org/plugins/wp-limit-login-attempts/) which allows me to try 4 times before I been blocked for 30 minutes.
Deleted all cookies but no result. Has anybody an solution?
Solution found. It was/is a problem with my Internet Service Provider, which filters the internet (paid service, special for kids).
The filter is now off, and I can login to my sites.
I'm using SocialLogin plugin for WordPress which relies on HybridAuth for authentication. However, when I try to login with Google, I get "User profile request failed. Most likely the user is not connected to the provider and he should to authenticate again." error. I've tried Googling the solution, unsuccessfully.
Also, when I try to login with StackOverflow or Yahoo! I get Unspecified error!
I came across this issue also ...
Your question is more than an year old but here you go the solution:
Go to https://console.developers.google.com/ and activate Google+ API access.
That worked out for me!
It generally occurs to me in two conditions.
Session lost when you use for example back button or directly visiting the page instead of visiting via link.
Some times you need to clear your cache, logout and login to site but clean logout
generally fix.
I also want you to know that Hybrid Auth is a dead project.
I have a WordPress site. Like with many WordPress sites I see people (probably robots) trying their luck at the login page every once in a while. However, for the past 2 weeks it’s been non-stop at a rate of 400-500 tries a day…
So I went ahead and took the following security measures:
Changed the login URL to something different than the regular /wp-admin.
Limit the number of login attempts per URL and also automatically block any IP trying to login with an invalid username such as “test” or “admin”.
Set up two factor authentication to make sure that even though they tried they would not manage to get in, even if they guessed the username and password.
However that didn’t seem to do much and I’m still seeing a huge number of login attempts, so next thing I did was:
Password protect the login URL itself.
And still I’m seeing the same number of login attempts… now my questions are basically 2:
How are they managing to still try their luck at the login form even if that page is password protected?
Is there anything else I can do about it?
Cloudflare offers a free entry level plan that may help reduce some of this traffic before it gets to your site. Also, their $20/month plan (as of Aug 2017) can be paired with their WordPress plugin to use their built-in WordPress rulesets. CloudFlare also has a few more settings to allow you to put a few more filters and road blocks in front of specific types of traffic.
If you do choose to use CloudFlare with WordPress, be sure you understand exactly how/if you are choosing to push content into the CloudFlare CDN (content delivery network) and how that relates to the content cache on your site.
Standard disclaimer: I have no relationship with CloudFlare except as a customer.