Login Security – Non-existent account logged in


  • #37447
    Ljubomir Manojlovic
    Participant

    I’m doing some installations and I can’t be focused. Whatever, my client now successfully logged in with a NON EXISTENT ACCOUNT!!!! How can that be? The ridiculous part was that I was notified by BPS about it. Please, can you review the case?

    #37448
    AITpro Admin
    Keymaster

    I need more information.  This issue may or may not be related to BPS.  Is a Members or Membership plugin or theme installed?  Can you post the Login Security login information?  Any other relevant information about how, what and where would be helpful.  Please add as much information as you can with specific details about everything.  Also post a link to the website so I can check the frontend of the website for issues or problems.

    #37449
    Ljubomir Manojlovic
    Participant

    How can I send you a private message with images and credentials (and an explanation)?

    #37450
    AITpro Admin
    Keymaster

    If you don’t want to post these things in the forum then send them to this email address:  info at ait-pro dot com.

    #37451
    AITpro Admin
    Keymaster

    This problem was caused by the Login page being cached using W3 Total Cache.

    Login pages or any Forms or Form pages should never be cached.  The problem you have described is exactly what happens when a Form is cached and other very strange problems.  You will need to go into the W3 Total Cache plugin settings and exclude the WordPress Login page from being cached and exclude any other website pages with Forms on them from being cached.
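
    The check described in the reply above, as an added example that is not part of the original thread or of BPS or W3 Total Cache: a small audit that flags a captured login or form response showing signs of being cached. The header names, the cache-comment pattern and both sample responses are assumptions constructed for illustration.

```python
import re
from email.parser import Parser

# Heuristic markers: assumptions about common cache layers, not values from the thread.
UNCACHEABLE = {"no-store", "no-cache", "private"}
HIT_HEADERS = ("x-cache", "x-cache-status", "cf-cache-status")
CACHE_COMMENT = re.compile(r"<!--[^>]*W3 Total Cache", re.I)
PASSWORD_FIELD = re.compile(r"type=[\"']password[\"']", re.I)

# Constructed sample responses (not captured from any real site).
CACHED_LOGIN = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html; charset=UTF-8\n"
    "Cache-Control: max-age=3600, public\n"
    "Age: 120\n"
    "\n"
    '<form method="post"><input type="password" name="pwd"></form>\n'
    "<!-- Performance optimized by W3 Total Cache. Page Caching using disk -->"
)
FRESH_LOGIN = (
    "HTTP/1.1 200 OK\n"
    "Content-Type: text/html; charset=UTF-8\n"
    "Cache-Control: no-cache, must-revalidate, max-age=0\n"
    "\n"
    '<form method="post"><input type="password" name="pwd"></form>'
)

def audit_form_response(raw: str) -> list[str]:
    """Return findings suggesting a form page was cached or is cacheable."""
    raw = raw.replace("\r\n", "\n")  # accept real captures with CRLF line endings
    head, _, body = raw.partition("\n\n")
    _status, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    directives = {d.split("=")[0].strip().lower()
                  for d in headers.get("Cache-Control", "").split(",") if d.strip()}
    if not directives & UNCACHEABLE:
        findings.append("cacheable: no no-store/no-cache/private directive")
    age = headers.get("Age", "0").strip()
    if age.isdigit() and int(age) > 0:
        findings.append("cached: Age header is greater than zero")
    findings += [f"cached: {h} reports HIT" for h in HIT_HEADERS
                 if "hit" in headers.get(h, "").lower()]
    if CACHE_COMMENT.search(body):
        findings.append("cached: page-cache comment found in HTML")
    if findings and PASSWORD_FIELD.search(body):
        findings.append("login form delivered in a cached or cacheable response")
    return findings
```

    An empty result only means none of these heuristics fired; a server-side page cache can still serve a stored copy without leaving any of these markers.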

     

    #37482
    Ljubomir Manojlovic
    Participant

    After some time and some web searches, I identified weak points in my sites' structures. Somehow, it also actually relates in some (minor) part to BPS. So, please review this.

    • So, in my site cases, I have a triangle of (3) plugins – MainWP – BPS. Those 3 plugins are Formidable Forms (Pro), Fast Velocity Minify and W3 Total Cache.
    • Formidable Forms by itself has conflicts with both plugins:
      • Fast Velocity Minify may prevent File Upload fields from working properly (further conflicts are also with page builders and FVM).
      • W3 Total Cache: With some W3 settings, an incorrect link to uploaded files will be included in the email notification, reCAPTCHA and Math Captcha may not work, and entries will not always be submitted. The W3C database cache function causes uploaded files to not attach to the email.
    • Looking at the line BPS – MainWP – W3TC/FVM, the obvious solution is not to exclude pages from caching/minification, but rather to exclude plugins.
    • So, at first look, to use define('DONOTCACHEPAGE', true);, but … that is not a solution in the case of dynamic 'objects' (such as forms – which concern security – BPS). (see https://wordpress.stackexchange.com/questions/66155/proper-hook-for-w3tc-defines-or-dynamically-disable-w3-total-cache).
    • So the question will be:

    What would be the proper solution from your point of view?

    BTW – Your note about the login page should be solved by default, as W3TC by default has excluded caching of php files, which the login page is. So, what about that page?

     

    #37486
    AITpro Admin
    Keymaster

    My professional opinion after years of testing caching plugins and minification/compression is NEVER USE THEM FOR ANY REASON.  What we are using on all of our websites is the BPS Speed Boost Custom Code and nothing else (no caching plugins or minification/compression) and our websites have never performed better or faster than when using or testing any/all of the WordPress Caching or Minification plugins.  We spent months of testing and in the end created our own solution that is far better >>> BPS Speed Boost caching code.

    #37488
    Ljubomir Manojlovic
    Participant

    OK, I will test it now on one server to see the outcome.

    #37493
    AITpro Admin
    Keymaster

    Oh and this is very important to note about minification/compression and even caching plugins >>> If you have a poorly optimized and designed website (The Theme is poorly designed/coded and is bloated, Too many Plugins installed or poorly coded Plugins that use extensive memory and resources, images not performance optimized, etc.) then minification/compression and some caching plugins will probably improve overall website performance, BUT that is more of a band-aid solution to the real problem, which is of course the website is poorly optimized and designed.

    We created a custom Theme that does not have any Bells and Whistles (ie zero Bloat) and the difference in overall website performance is huge.  We are talking 2-3 second load speed differences once you remove all the bloated things that come with standard WordPress Themes.  What should be done for all WordPress Themes is a way to turn off all additional features that cause bloat, but unfortunately most Themes are instead trying to offer folks every possible option and feature with all WordPress Hooks running 24/7 without a way to turn them off, which basically adds 2-3 second load times right off the bat without considering any other things like plugins, etc.

    #37502
    Ljubomir Manojlovic
    Participant

    Well, I saw your post reply just now. However, in the meantime I did that and … I’m not happy. On GTmetrix it drops me to 80/71, and for the same configuration with W3TC and FVM I have 100/100.

    poorly optimized and designed

    I generally agree with you. However, in my general case, I have to have a bunch of plugins (it is on the Astra basic theme), as the sites are for non web trained users. Actually, in this case, my situation is very very very bad, as I simply MUST HAVE A-Grade clean sites (meaning no posts), only with a Coming Soon page.

    In other words, I don’t see any other option than to go back to W3TC/FVM, but I will then have to somehow solve the caching issue of Formidable Forms or find some other solution.

    #37503
    AITpro Admin
    Keymaster

    Well it sounds like what you are looking for is a website Grade over actual website performance speed.  I never pay attention to the website Grade since it really does not mean that much compared to actual website performance speed.  A lot of website speed checking websites factor in things that don’t matter for WordPress site types to get the Grade.  Can’t offer you any advice or suggestions about W3TC or FVM since we don’t use those things. 😉

    #37506
    Ljubomir Manojlovic
    Participant

    Yep, Grade is what clients are looking for.
