Cannot login to Wordpress, password reset doesn't work - wordpress

I cannot login to 2 of my WordPress sites (running on the same subdomain). After login I didn't get a message that my credentials are incorrect, but the page reloads and I'm back to the loginpage.
Password rest link doesn't work, he says 'invalid key'. Key = domain.com/wp-login.php?action=rp&key=k5ZhuvbXgAofh0Yql8VK&login=username
Password reset via database doesn't work too. Changed the password to the value given by http://www.passwordtool.hu/wordpress-password-hash-generator-v3-v4 (testtest), but I'm not able to login with the new username/password (still the same result: no error message)
I didn't changed anything to those website the last 2/3 weeks. Maybe an automatically update has changed something. Site urls are correct.
One site is running WP Limit Login Attempts (https://nl.wordpress.org/plugins/wp-limit-login-attempts/) which allows me to try 4 times before I been blocked for 30 minutes.
Deleted all cookies but no result. Has anybody an solution?

Solution found. It was/is a problem with my Internet Service Provider, which filters the internet (paid service, special for kids).
The filter is now off, and I can login to my sites.

Related

The security token did not match. The request was aborted to prevent any security breach. Please try again

I've got the error above in my Joomla website when I either try to log in or create a new account from the side site. I have also noticed the two following things:
if I create a new user from the backend, this doesn't appear in the _users table;
a file named ".myjoomla.configuration.php.md5", containing an alphanumeric string, is automatically generated in the website root every time I try to log in vainly from the frontend. Besides, it turns up again if I remove it manually through FTP.
Did my website get hacked? How could I fix it?
".myjoomla.configuration.php.md5" contains the md5 hash of the configuration.php file and appears on your site as part of the mySites.guru service you either subscribed to or trialled. It is part of the near-realtime alerting service which detects when configuration.php has been changed and alerts you if you are a paying subscriber of the mySites.guru service. It is NOT an indication of a hack at all.
Disclaimer: It is code I wrote and a service I run, so I know what Im talking about.
Not being able to create users - Im guessing you have Admin Tools or RSFirewall installed and configured, both these products stop users being created IF configured that way.
Token issues: These are well covered in Joomla documentation and forums. They are CSRF tokens and if yours is not validating then try NOT double clicking the buttons, check your session handlers are working, and check your cookies are working as expected
Nothing you say leads me to believe your site is hacked
The issue I've encountered was about the Joomla native Login module. As I published it in all the pages of my website and clicked on the login link appeared on the frontend side, I was redirected to a link that looked like
mysite.com/index.php/component/users/?view=login&Itemid=yourid
which displayed the login page correctly. Yet, once filled in the form and submitted it, the warning message in question popped out. The same problem occurred when either trying to register a new account or reset the password.
Although I couldn't find an explanation to the issue, I managed to fix it by creating a Login, Reset and Registration menu items under the main menu and then hidden them as I didn't want them to show up among the other menu items on the frontend.
Went back to the frontend and clicked on login, I was now redirected to a different url that looks like
mysite.com/login
where "login" is the alias that I had chosen for the Login menu item.
After having filled in the form and submitted it, I was able to log in successfully. Likewise, Registration and Reset operations worked.

Wordpress - Changed login URL but still getting hacked

I have a Wordpress site that has very recently getting a lot of login attempts. Woke up with over 100 alerts, and they are still coming in. I changed the login url to something obscure, but I am still getting alerts of users trying to login, they are using different usernames each time. And different IP addresses. I have never had this number of attempts on any of my Wordpress websites. Any ideas how I can stop them from even being able to try and login? I thought hiding the login url would have worked.

HybridAuth not working - User profile request failed(Google)

I'm using SocialLogin plugin for WordPress which relies on HybridAuth for authentication. However, when I try to login with Google, I get "User profile request failed. Most likely the user is not connected to the provider and he should to authenticate again." error. I've tried Googling the solution, unsuccessfully.
Also, when I try to login with StackOverflow or Yahoo! I get Unspecified error!
I came across this issue also ...
Your question is more than an year old but here you go the solution:
Go to https://console.developers.google.com/ and activate Google+ API access.
That worked out for me!
It generally occurs to me in two conditions.
Session lost when you use for example back button or directly visiting the page instead of visiting via link.
Some times you need to clear your cache, logout and login to site but clean logout
generally fix.
I also want you to know that Hybrid Auth is a dead project.

Passwords get lost after deployment

I manage an ASP.NET MVC 3 website with multiple users. Every user have a password that gets saved by their browser when they log into the site. Over the past months, I have made multiple deployments of that website to correct bugs or implement new features, all without any problems.
With that said, this week, when I deployed the site as usual, all users lost their saved passwords in their browsers. The login name is still kept in memory, but the password has been lost. There has been no changes to anything to do with the login system at all for months and it is the first time that the passwords are lost.
I have tried to search for a possibility that would explain this problem but to no avail. Do you have any idea what would explain this problem?
Thank you very much.
I'd suspect the cookies in this case; either they expired (after a set length of time) and it just happened to co-incide with your deployment. Or in your deployment you changed the cookie name / path etc. such that now the browser cannot validate the user.
Here is a few reasons:
1.If the password or user name text box name changes, then the browser will disassociate the login with the web site.
original syntax in razor:
#Html.PasswordFor(model => model.Password)
new password box:
#Html.PasswordFor(model => model.MyPassword)
2.If the view changes name or the login occurs in a new view then the browser will disassociate the password with the web site
3.You also need to check the expiration of the browser cache.
4.Check for security updates on the browser

Get reason for login prompt when using asp.net membership

I have an asp.net website using the SQL ASP.net membership system. When users are logged in to the website and are inactive for 20 minutes, they get sent to the login page on the next page request. I would like to show some text on the login page that says "you were logged out due to inactivity" when this happens. Is there a built-in way to do this? Or any other ways I could distinguish why the user has been sent to the login page (for inactivity or some other reason)? I have scoured SO and Google but haven't been able to come up with anything.
The reason we need to do this is because we recently migrated from a previous version of the website that was lax about security and didn't have auto logout, so we're getting lots of feedback from users thinking there's something wrong with the website when they are prompted to login again.
Thanks in advance.
It is better to use javascript for this and be proactive about it, showing the timeout remaining if possible otherwise just alerting the user with a messagebox showing that his session has timed out and then redirecting him to the login page. Have a look here for a simple example.
To redirect him to the login page add the following to the below line as in the example:
alert("Your current Session is over."); window.location = "YourLoginPage.aspx";
For purposes of closure, I'll answer my own question. I couldn't find a clean way of doing what I'd like, so I ended up setting a cookie with the login time after the user logs in. Then on the login form page, I see if the login time in the cookie is greater than 30 minutes old (my auth timeout in asp.net) and display a "logged out due to inactivity" message. Otherwise it doesn't display the message.
Not great, but it seems to work. Satisfies the requirement for the vast majority of our users.

Resources