This topic has 21 replies, 3 voices, and was last updated 9 years by 
-
-
Hi again,
I’ve got a peculiar issue. It seems with comet chat installed, when a user incorrectly attempts to login, the ajax functionality doesn’t resolve. This has resulted in a number of IP addresses getting banned from my site via my host (WP Engine).They say I get a very large number of failed login attempts from wp-login.php:
207.71.248.167 http://www.thelaw.agency – [24/Aug/2015:17:43:11 +0000] “POST /wp-login.php?wpe-login=rincon805 HTTP/1.1” 403 317 “http://www.thelaw.agency/classes/” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5”
Does anyone have any idea as to why or how this might be happening? Any clues on where I should start my troubleshooting?
Thanks in advance,
-HP.S. Also bringing this up with comet chat.
Site is http://www.thelaw.agencyHello, do you have a security plugin? Or maybe a plugin that could be creating a conflict, please try to deactivate one by one and test again
Let me know 🙂Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionLaura Solanes - Graphic Designer and Web Designer
Please be patient as I try to answer each topic as fast as i can.
If you like the theme or the support you've received please consider leaving us a review on Themeforest!
Always happy to help you 🙂
I deactivated all but the necessary-to-function plugins and I still get the timeout – ban IP problem if a user submits the wrong password.
I’m using WP Engine as a host – could this be some chacheing related trouble?
Thanks,
Hello, do you have limit ogin attempts plugin? If so, disable it.
If not, please contact your hosting about thatHi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionLaura Solanes - Graphic Designer and Web Designer
Please be patient as I try to answer each topic as fast as i can.
If you like the theme or the support you've received please consider leaving us a review on Themeforest!
Always happy to help you 🙂
I have contacted hosting and they say it’s some wp-login error conflicting with a plugin. Since I’ve deactivated all but the kleo-suggested plugins (k elements, etc) and this still happens, I’m wondering if there has been this error before or if you might shed any light on the matter. Could it be a default WP-Engine cacheing issue?
I know nothing about how the login process works.Thanks,
Specifically, I see this error:
PHP Warning: call_user_func_array() expects parameter 1 to be a valid callback, function ‘bp_change_profile_subnav_default’ not found or invalid function name in /nas/wp/www/cluster-40716/rincon805/wp-includes/plugin.php on line 503, referer: http://www.thelaw.agency/
Hello, it seems a problem of hosting, because the plugins we include and the theme itself doesnt have any security ban option, its not coming from there, cant be. I think it could be the server or a third party plugin that you deactivated but didnt delete from wp-content/plugins.
Also check out your htaccess, make sure you dont have any security code thereHi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionLaura Solanes - Graphic Designer and Web Designer
Please be patient as I try to answer each topic as fast as i can.
If you like the theme or the support you've received please consider leaving us a review on Themeforest!
Always happy to help you 🙂
Alright, well it appears there’s a bit of back and forth here. WPEngine says that it’s a plugin or a theme; I’ve disabled all plugins but those that come with Kleo, so I’m at a loss.
Attempting to troubleshoot this myself, I’m looking at these error logs and thinking that if the error is coming from the /wp-includes/plugin.php and that’s the bit of code that allows plugin hooks to work, it must either be being generated there or the htaccess – like you suggested. WPEngine doesn’t allow htaccess, so I’ll rule that out.
That doesn’t leave much, unfortunately, just deleting plugins even though they’re deactivated. Is there a place that would store inactive plugin information? I’d like to check there before deleting plugins.Thanks in advance for all your help.
-HHello, that place is the database, but i doubt is that, i can take a closer look at this if you share admin and ftp credentials 🙂
Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionLaura Solanes - Graphic Designer and Web Designer
Please be patient as I try to answer each topic as fast as i can.
If you like the theme or the support you've received please consider leaving us a review on Themeforest!
Always happy to help you 🙂
Hello, i think this is because of cometchat, i have used it with kleo and never had this issue, but its true that it usually has one or two issues. My suggestion would be to contact them, as you should have a support service, i am not very familiar with the plugin, so this is the best option i think. f anything, let me know so we can find another ways.
Always here to help 🙂Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionLaura Solanes - Graphic Designer and Web Designer
Please be patient as I try to answer each topic as fast as i can.
If you like the theme or the support you've received please consider leaving us a review on Themeforest!
Always happy to help you 🙂
Hi there,
Sorry to nag, but I’ve got confirmation from my hosting support that the error is coming from the kleo theme. Please see the following:Hi Hudson,
I’ve done some testing and I can say with confidence that this is due to the theme being used and caching is not at play.
I cloned rincon805 to a new installation — rinconwpetest — and did some testing there. First on the production environment and then on the staging environment, which doesn’t utilize caching. On both environments I got the same thing. Here’s a screenshot of some of the response from logging in with the wrong creds:
You can see that there’s no caching from the “Pragma: no-cache” bit and then you can see that it’s from the theme when looking at the action under “Form Data” – kleoajaxlogin
When I ack-grepped for “kleoajaxlogin” through your installation, here’s what was returned:
COPY CODEwp-content/themes/kleo/assets/js/app.js 1214: action: 'kleoajaxlogin', wp-content/themes/kleo/kleo/assets/js/app.js 1218: action: 'kleoajaxlogin', wp-content/themes/kleo/kleo/functions.php 1481: if (! isset($_POST['action']) || ( isset($_POST['action']) && $_POST['action'] != 'kleoajaxlogin' ) ) { wp-content/themes/kleo/functions.php 1474: if (! isset($_POST['action']) || ( isset($_POST['action']) && $_POST['action'] != 'kleoajaxlogin' ) ) {You can see there that it’s coming from the parent theme.
Whenever I switch the theme to a default theme (Twenty Fifteen in this case) and go to log in, I get directed to the basic wp-login.php page. When entering bogus creds I get the “ERROR: Invalid username.” message and there are not repeated requests.
This leads me to the conclusion that the theme is trying to repeatedly log in when incorrect credentials are used.
With that being said, please reach out to the theme developers again and share this information with them, as caching is definitely not the cause of the issue. Please let us know what they get back to you with and if there’s any other way we may be of assistance, please let us know!
Hello, will assign the ticket to a higher support lever who can help and advise you in your query.
Thanks! 🙂Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionLaura Solanes - Graphic Designer and Web Designer
Please be patient as I try to answer each topic as fast as i can.
If you like the theme or the support you've received please consider leaving us a review on Themeforest!
Always happy to help you 🙂
Just checking in to see if there’s been any update on this. I appreciate all the help getting this sorted.
Best,
-HThe fix is extremely simple, update Kleo to 3.0.9, there was a login post loop bug confirmed in old versions of the theme.
Let me know how it works.
CheersHi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionI’m up to date, unless dragging and dropping into ftp hasn’t been working. Is there a way to check? What’s the current version number of the theme?
Check /wp-content/themes/kleo/style.css
Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionOn your live site I see you have 3.0.4 ( http://www.thelaw.agency/wp-content/themes/kleo/style.css )
Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionHmm… well that would be embarrassing, but it’s not the first time! I’m reupdating now – will respond shortly.
Thanks!
Let me know how it went after update. Looking forward.
Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solutionI’m glad to hear that. Cheers
Hi there!!! Help others from the community and mark any reply as solution if it solved your question. Mark as a solution
The forum ‘KLEO’ is closed to new topics and replies.
