I've installed WordPress 3.9 on a Linux server and installed/activated the Active Directory Integration plugin.
I am able to pull users from the AD Server, but when I try to authorize by group I keep getting the same error message: [WARN] Authorization by group failed. User is not authorized. It's as if the plugin can't recognize any of the groups on the AD server.
Granted the plugin was created back in 2011, and has shown very little up-keep since then, but I'm hoping someone a bit more familiar with LDAP and Active Directory will be able to offer some insight.
I recently had difficulty working with the Active Directory Integration plugin. In my case I needed to modify the way the plugin selected the user from LDAP because, even though it would sign in, it wouldn't be able to authenticate based on groups.
I've posted a modified version of the plugin so you can see what I changed link to the files.
Related
I'm new to wordpress, literally the first time using it, and now i am frustrated because i cannot even get in on the page even as an admin because of the error on the title.
So here's how it went :
i wanted to add social login for my web
i install nextend social login and use the google platform for it
i did every step right (i made sure of it, there's a list of steps in the nextend i just simply follow it)
i copy the secret id and cope, i verify it and i wanted to test it out
so i log out of my user, and i don't even see the google button to login (maybe because i haven't add it (i thought it's automatic))
and so i went to login using user and password turns out it gives me an error
ERROR :reCAPTCHA verification failed. Please Try Again.
i have searched at google, youtube and nothing seems to work, please help
Note : i cannot get into my account
Option 1: Examine what other plugins you have installed.
Perhaps one of them is interfering e.g if you have cache plugin, you might want to clear your browser cache and try again and/or disable the cache plugin entirely
Option 2: Disable and re-install
If you have access to the host account, you can disable and re-install the plugin via phpmyadmin or ftp as shown in the following article.
https://kinsta.com/knowledgebase/disable-wordpress-plugins/
Go to your hosting login to WP through there to your admin panel.
Go to your google reCAPTCHA account get keys and paste them to your reCAPTCHA plugin on Wordpress again.
I have a wordpress site installed at the root of a domain. I have installed mediawiki in the directory "wiki" at the domain root. Now i want the mediawiki to share the user session info, even the user credentials with wordpress. I want to make mediawiki recognize a user as logged in if he is logged in to tho the wordpress. I have tried with the following online links. But none of them works for the latest of mediawiki versions.
https://dev.commons.gc.cuny.edu/2009/05/21/new-mediawiki-extension-wpmusinglesignon/
https://www.mediawiki.org/wiki/Extension:WPMW
If anyone could help to achieve this ?
You cannot share session information between MediaWiki and another application (and it's generally an anti-pattern; sessions are meant to hold application-specific information). You can use Wordpress login information in your wiki by using an extension that implements either a PrimaryAuthenticationProvider (for checking against Wordpress credentials when using the MediaWiki login form) or a SessionProvider (for checking against the WordPress session cookie, or otherwise authenticating every request). It's not an easy task if you need to write that extension yourself. WPMW looks like the right thing in theory, but it has not been updated for a while.
When I try to sign into my websites wp-admin login screen it refreshes and redirects me to the login page. After researching this issue it looks like deactivating the plugins should fix the issue. However, when I try doing this from phpmyAdmin, it tells me that the UPDATE command is denied to user.
I have tried using the FTP client 'Fire FTP' to try and access my files but I do not know which username and password needs to be used (I have about a million at this point).
Is there somewhere in the Azure portal where I can edit my files and deactivate the plugins?
Other information: I accidentally deleted the file the had my Wordpress admin password, but I am able to log into Azure, and phpmyAdmin. I also have my cPanel login information but I cannot figure out how to access that either. I am also using a Mac.
Please help! I have a basic understanding of web development but not much and I have worked incredibly hard on my website business but this has been a rough setback.
Looking at your problem, FTP is your best option. You can define the user/password at the portal in your app service blade:
Login into the portal: https://portal.azure.com
Navigate to your app service blade
Look for Deployment Credentials and set your username/password.
I was able to resolve this. Turns out I had exceeded my database storage. Simply upgrading my plan fixed the issue. So if anyone sees this and has the same problem, make sue that your SQL db has enough storage available.
The plugins made me exceed my storage but I did not need to deactivate them.
I am reactivating an old Drupal project that was created by a past employee. He left no instructions on how to access Drupal. I gained access to the postgres database Drupal is using and changed everyone's password. I also made sure all users had administrator role and that administrator role has all permissions. When I log in with any of the users, I simply get "Access denied" for every page I try to go to. I've tried /admin, /user, /node, and several other pages. Changing the password definitely reset their password because I'm not getting an invalid login message, just an access denied message. The site is first being authenticated through apache using LDAP, and I made sure there are apache users that match the Drupal users. I am totally stumped. As I said, the person who did this project initially is gone and can't be reached. I have looked at several similar topic threads and can't figure this out.
have you enabled the ldap mod in apache?
try /?q=user
is phpMyAdmin installed? Check users there as well.
I have a hostgator website on which I installed Drupal. It was working fine until last weekend. I am primarily a .net developer and am not sure about the configuration of this open source application.
Recently, I noticed a large number of user accounts being created who never even logged in before. So, after setting up Google analytics, I determined that my site was hacked. I made this determination because the majority of the traffic and user flow is coming form RUSSIA, SERBIA and ROMANIA, hackers haven!
I realised that my website was not secure. So now I put the site into mainitainance mode, uninstalled the existing Drupal 7, and installed a new installation. It is very fresh now and I am on a mission to find some good security pratices.
I would like to know what security measures that I can implement other than these.
Also, how would I connect to my website's command line to change the file permission settings? Currently, I am using Filezilla and right clicking to change the properties.
Thanks, and apologies for the long question.
P.S. This is my website.
Hostgator provides SSH access. Use tool like WinSCP to transfer files and PuTTy to access command line. Once you get command line access, you will be hopefully able to install Drush on Hostgator. Drush will help you do many administrative stuff using command line and it is highly recommended to use. Since you are a .Net developer, I assume that you might be using Windows for development. Good news is that you can install Drush on Windows too.
Are you sure that your site was really hacked? Because, if you go to Account setting page (http://your-site/admin/config/people/accounts) and look under Who can register accounts?, you will see three options there. The default is "Visitors can create account". If you do not change this setting to something else, your new site will again face the same problem. Otherwise, you can select option Require e-mail verification when a visitor creates an account.
Another way to reduce number of spammers creating account on your Drupal site is to install CAPTCHA or reCAPTCHA module and configure it to show challenge to users when they create an account. This will block many spammers. You can also block specific IP range using Apache .htaccess file. You will find .htaccess file in your Drupal installation folder.
Another good practice is to periodically update Drupal core and contributed modules for security fixes. If you goto page admin/reports/updates, you will see what module requires an update. Command line and Drush will help you streamlining some part of this process.
If you regularly update Drupal (core & modules), use SSH for file transfer and apply correct file permissions, your site should be all secure. It is not that hard to maintain a secure Drupal site, given all the help is available for Drupal security team and Drupal community.
There is a Drupal Group (forum) that deals with Best Practices in Drupal Security that provides a number of excellent suggestions on how to secure Drupal sites. As for accessing your site via the command-line, I checked and Hostgator allows for SSH access on all of their hosting plans. You should be able to login via SSH, change to the sub-directory within your Drupal installation and change the permissions of a file or directory using the 'chmod' command.
Good luck!