Home › Forums › BulletProof Security Free › s2member login conflict
Tagged: s2member login
- This topic has 7 replies, 3 voices, and was last updated 9 years, 8 months ago by jenni101.
-
AuthorPosts
-
NickiParticipant
Hi,
I have a possible conflict with bulletproof free version and S2Member free version, specifically the “New User Email Configuration Conflict warning:…”
The alert in S2Member goes away when I deactivate bulletproof so I am assuming that the problem is there. I am unsure why bulletproof would need to access wp_new_user_notification(), but it seems to be causing the problem. I have three websites with bulletproof and s2member installed, the oldest one was working fine with the two plugins, the only thing that has changed is plugin updates. I am wondering if the new core changes and login feature for bulletproof is causing the issue. The two new websites I have only just installed the two plugins and they both have the same problem.
I have found this thread on S2Members forums and wonder if it is relevant to bulletproof, please shout me down if I am wrong! s2member.com/forums/topic/strange-conflict-with-plugin/
Thanks for any help
Nicki
AITpro AdminKeymasterDoes S2Member monitor logins or have login security? If this is the case then you probably cannot use both login features at the same time if they are doing the exact same thing/function or doing something very similar. Is this the correct plugin? If so, I will download it, test and confirm this. wordpress.org/extend/plugins/s2member/ Turn Off BPS Login Security, test S2Member and let me know the results. Thanks.
AITpro AdminKeymasterOk I have tested S2Member and I found the issue/problem. New code was added in BPS to fix an issue with multisite, but this causes issues/problems for other plugins due to the way pluggable.php is being called in the WP backend.
Error/Issue/Problem: Conflict warning: You have another theme or plugin installed that is preventing s2Member from controlling this
aspect of your installation. When the pluggable function wp_new_user_notification()
is handled by another plugin, it’s not possible for s2Member to allow customization of New User Emails.
This is NOT a major issue. In fact, in some cases, it might be desirable. That being said, if you DO want to
use s2Member’s customization of New User Emails, you will need to deactivate one plugin at a time until this conflict warning goes away.Workaround Solution BPS: Edit /wp-content/plugins/bulletproof-security.php Code Line 53
Workaround Solution BPS Pro: Edit /wp-content/plugins/bulletproof-security.php Code Line 94
Change this code…
require_once(ABSPATH . 'wp-includes/pluggable.php');
…to this code…
if ( wp_script_is( 'bps-js', $list = 'queue' ) ) { require_once(ABSPATH . 'wp-includes/pluggable.php'); }
Permanent Solution: This code will be permanently changed in the next version release of BPS.
NickiParticipantThanks for your fast response. I had noticed that s2member monitors login security and had turned it off in case that was the problem. I will add the above code for a short term fix and look forward to the update. Brilliant support once again, it is refreshing to have good customer service.
🙂 Nicki
AITpro AdminKeymasterS2Member version: 140725 and BPS Pro 9.2 test results:
BPS Pro Login Security works fine with S2Member as long as these 2 S2Member options below are not being used or have been set to “off” in S2Member (more explanation below for the meaning of off).
S2Member Restriction Options Menu:
Brute Force IP/Login Restrictions option
Unique IP Access Restrictions optionS2Member will override BPS Pro Login Security if the 2 S2Member options above are being used / are turned “on”.
How to turn “off” S2Member Brute Force IP/Login Restrictions & Unique IP Access Restrictions:
1. Go to S2Member Restriction Options and make sure these 2 options below are set like this:
2. Brute Force IP/Login Restrictions: Allow Infinite failed logins (Brute Force Restrictions disabled)
3. Unique IP Access Restrictions: Allow Infinite IP’s (All IP Restrictions are disabled)
4. Click the Save All Changes button/option.Or of course you can turn Off BPS Pro Login Security and use S2Member login security features.
jenni101ParticipantHi,
Can I just clarify (for me and possibly others) what you’re current recommendation is for this? I had asked about compatibility on the s2memebr forum – and you answered it! But you said there that it didn’t matter if the above s2m settings were on as they’d override the BPS settings anyway; and that meant that it was Ok to have both the s2m and the BPS settings on. Here’s the link to the s2m forum: https://wordpress.org/support/topic/security-integration-with-bullet-proof-security-pro
Many thanks.
AITpro AdminKeymasterThe last time I checked out s2Member login security it was just as good as BPS/BPS Pro login security so basically your site is safe and protected by using the login security that s2Member provides/comes with. JTC is geared more towards “anti-nuisance” stuff. Here are some examples to makes things as clear/simplified as possible.
Example 1: s2Member does/has/uses the same login security principles that BPS uses so I would say that from a protection standpoint that both plugins are just as effective in stopping/protecting against brute force login attacks, which is the most important thing that you want to have going on on your site. There is going to be a bit of a tradeoff going on because BPS and s2Member probably have additional features that do something that the other plugin does not do. For example you can use BPS login security to keep track of logins in general kind of like a “timecard” login of sorts, but that is more of a convenience thing vs what is most important – stopping auto-posting bots from trying to auto-login or auto-register to the site. s2Member is a membership plugin and there are going to be additional things that s2Member is doing with the user/member data when a member logs into a website that is a membership based website. So really what it comes down to is that s2Member needs to have full control of all member logins in order for everything to work smoothly regarding handling and processing user/member information. I feel very confident that s2Member does just as good a job at login security as BPS does. The last time I looked at the s2Member code and overall design it was very good/solid so if I was using s2Member personally then I would feel very safe and confident about doing a tradeoff and using s2Member login security in that particular case. login security is a fairly simple thing to do with WP. 😉
Example 2: For JTC I’ll just reiterate what we figured out over months of testing and that is that a CAPTCHA based login with a spambot trap is the most effective detterent against massive auto-registrations, auto-logins and auto-posting on a scale where it is very time consuming to have to deal with the daily problems of massive spam user accounts, deleting spam posts, etc. BuddyPress/bbPress appears to be a preferable target or has some kind of signature that makes bp a desirable target. If you look at this forum topic: http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/ you can see us working through this painfully step by step. I say painfully, because it was costing us an hour a day to do cleanup on this forum site. So that is why/where this falls under a nuisance category. It has been a couple of years, but I still remember the anger and disgust that I felt during that time period of testing.
jenni101ParticipantBrilliant! Thanks so much for taking the time to explain it fully. I’ll post a link to this from the s2member forum so anyone else can find it easily too (as well as find your amazing security plugin of course).
many thanks 🙂
-
AuthorPosts
- You must be logged in to reply to this topic.