Login Security – Non-existent account logged in
- This topic has 11 replies, 2 voices, and was last updated 4 years, 9 months ago by Ljubomir Manojlovic.
Ljubomir Manojlovic (Participant)
I’m doing some installations and I can’t focus. Whatever, my client has now successfully logged in with a NON EXISTENT ACCOUNT!!!! How can that be? The ridiculous part was that I was notified by BPS about it. Please, can you review the case?
AITpro Admin (Keymaster)
I need more information. This issue may or may not be related to BPS. Is a Members or Membership plugin or theme installed? Can you post the Login Security login information? Any other relevant information about how, what and where would be helpful. Please add as much information as you can with specific details about everything. Also post a link to the website so I can check the frontend of the website for issues or problems.
Ljubomir Manojlovic (Participant)
How can I send you a private message with images and credentials (and an explanation)?
AITpro Admin (Keymaster)
If you don’t want to post these things in the forum then send them to this email address: info at ait-pro dot com.
AITpro Admin (Keymaster)
This problem was caused by the Login page being cached using W3 Total Cache.
Login pages or any Forms or Form pages should never be cached. The problem you have described is exactly what happens when a Form is cached and other very strange problems. You will need to go into the W3 Total Cache plugin settings and exclude the WordPress Login page from being cached and exclude any other website pages with Forms on them from being cached.
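As an added example (not part of the original thread and not code from BPS or W3 Total Cache), the following check flags captured responses for pages that contain a form but are still advertised as cacheable. The URLs, headers and HTML bodies are constructed sample data, and the function names are hypothetical.

```python
import re

# Cache-Control directives that keep a response out of shared/page caches.
UNCACHEABLE = {"no-store", "no-cache", "private"}
FORM_TAG = re.compile(r"<form\b", re.I)
PASSWORD_FIELD = re.compile(r"<input\b[^>]*type=[\"']?password", re.I)


def audit_response(headers, body):
    """Return findings for one captured response; an empty list means OK."""
    if not FORM_TAG.search(body):
        return []  # no form on the page: not the case the thread is about
    h = {k.lower(): v for k, v in headers.items()}
    directives = {d.strip().split("=")[0].lower()
                  for d in h.get("cache-control", "").split(",") if d.strip()}
    findings = []
    if not directives & UNCACHEABLE:
        kind = "login form" if PASSWORD_FIELD.search(body) else "form"
        findings.append(f"{kind} page is cacheable (Cache-Control: "
                        f"{h.get('cache-control', 'absent')!r})")
    if "age" in h:
        findings.append(f"Age: {h['age']} shows the copy came from a cache")
    return findings


def audit_site(captures):
    """Map URL -> findings for every captured page that has any."""
    results = {url: audit_response(h, b) for url, (h, b) in captures.items()}
    return {url: found for url, found in results.items() if found}


# Constructed sample captures (hypothetical URLs, headers and bodies).
LOGIN_HTML = '<form method="post"><input type="password" name="pwd"></form>'
CAPTURES = {
    "https://example.test/wp-login.php": (
        {"Cache-Control": "no-cache, must-revalidate, max-age=0"}, LOGIN_HTML),
    "https://example.test/member-login/": (
        {"Cache-Control": "max-age=3600, public", "Age": "1200"}, LOGIN_HTML),
    "https://example.test/contact/": (
        {"Content-Type": "text/html"}, '<form><input name="email"></form>'),
    "https://example.test/about/": (
        {"Cache-Control": "max-age=3600"}, "<p>No forms here</p>"),
}

if __name__ == "__main__":
    for url, findings in audit_site(CAPTURES).items():
        print(url, findings)
```

The headers only show what the response advertises to caches; the caching plugin's own exclusion list still has to be set as described in the post above.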
Ljubomir Manojlovic (Participant)
After some time and some web searches, I identified weak points in my sites’ structures. Somehow, it also actually relates in some (minor) part to BPS. So, please review this.
- So, in my site cases, I have triangle of (3) plugins – MainWP – BPS. Those 3 plugins are Formidable Forms (Pro), Fast Velocity Minify and W3 Total Cache.
- Formidable Forms by itself have conflicts with both plugins:
- Fast Velocity Minify may prevent File Upload fields from working properly (further conflicts are also with page builders and FVM).
- W3 Total Cache: With some W3 settings, an incorrect link to uploaded files will be included in the email notification, reCAPTCHA and Math Captcha may not work, and entries will not always be submitted. The W3C database cache function causes uploaded files to not attach to the email.
- Watching the line BPS – MainWP – W3TC/FVM, the obvious solution is not to exclude pages from caching/minification, but rather to exclude plugins.
- So, at first look, to use `define('DONOTCACHEPAGE', true);`, but … that is not a solution in the case of dynamic ‘objects’ (such as forms – which concerns security – BPS). (see https://wordpress.stackexchange.com/questions/66155/proper-hook-for-w3tc-defines-or-dynamically-disable-w3-total-cache).
- So question will be:
What should be proper solution from your point of view?
BTW – Your note about login page should be solved by default, as W3TC by default have excluded caching of php files, what login page is. So, what about that page?
AITpro Admin (Keymaster)
My professional opinion after years of testing caching plugins and minification/compression is NEVER USE THEM FOR ANY REASON. What we are using on all of our websites is the BPS Speed Boost Custom Code and nothing else (no caching plugins or minification/compression) and our websites have never performed better or faster than when using or testing any/all of the WordPress Caching or Minification plugins. We spent months of testing and in the end created our own solution that is far better >>> BPS Speed Boost caching code.
Ljubomir Manojlovic (Participant)
OK, I will test it now on one server to see the outcome.
AITpro Admin (Keymaster)
Oh and this is very important to note about minification/compression and even caching plugins >>> If you have a poorly optimized and designed website (The Theme is poorly designed/coded and is bloated, Too many Plugins installed or poorly coded Plugins that use extensive memory and resources, images not performance optimized, etc.) then minification/compression and some caching plugins will probably improve overall website performance, BUT that is more of a band-aid solution to the real problem, which is of course the website is poorly optimized and designed.
We created a custom Theme that does not have any Bells and Whistles (ie zero Bloat) and the difference in overall website performance is huge. We are talking 2-3 second load speed differences once you remove all the bloated things that come with standard WordPress Themes. What should be done for all WordPress Themes is a way to turn off all additional features that cause bloat, but unfortunately most Themes are instead trying to offer folks every possible option and feature with all WordPress Hooks running 24/7 without a way to turn them off, which basically adds 2-3 second load times right off the bat without considering any other things like plugins, etc.
Ljubomir Manojlovic (Participant)
Well, I saw your post reply just now. However, in the meantime I did that and … I’m not happy. On GTmetrix it drops me to 80/71 and for the same configuration with W3TC and FVM I have 100/100.
"poorly optimized and designed"
I generally agree with you. However, in my general case, I have to have a bunch of plugins (it is on the Astra basic theme), as the sites are for non web trained users. Actually, in this case, my situation is very very very bad, as I simply MUST HAVE A-Grade clean sites (meaning no posts), only with a Coming Soon page.
In other words, I don’t see any other option than to go back to W3TC/FVM, but I will then have to somehow solve the caching issue of Formidable Forms or find some other solution.
AITpro Admin (Keymaster)
Well it sounds like what you are looking for is a website Grade over actual website performance speed. I never pay attention to the website Grade since it really does not mean that much compared to actual website performance speed. A lot of website speed checking websites factor in things that don’t matter for WordPress site types to get the Grade. Can’t offer you any advice or suggestions about W3TC or FVM since we don’t use those things. 😉
Ljubomir Manojlovic (Participant)
Yeap, Grade is what clients are looking for.