WP better security and Multi site privacy compatibility issues

Due to large amounts of spam bots hitting my login page I was force to change the login URL. I did this using WP better Security:

http://wordpress.org/plugins/better-wp-security/

I already fixed some compatibility problems with the multi site privacy plugin but now I’m stuck.

When I activate wp better security (even without the login rename function), visit a password protected blog, insert the correct password I get the error “ERROR: The username field is empty.”. I checked in code and the plugin should catch this error and ignore it, but in some way the wp better security plugins kills this.

I also noticed when I activate wp better security that the “Authorization Required: This blog requires a password to view it.” text is removed above the login box.

If I get these two plugins to work, I’ll be more than happy to share my solution.

Any help is appreciated.

Cheers,

Pieter

  • pbrink
    • Site Builder, Child of Zeus

    Oke I did some more testing. I think things go wrong in the if on line 279

    if ( $current_blog->public == '-4' && isset( $_GET['privacy'] ) && '4' == $_GET['privacy'] && !function_exists('wp_authenticate'))

    to be more precise.

    !function_exists('wp_authenticate') returns false, so the code in the if isn’t executed.

    Can’t find any good solution, don’t know what will happen if I remove this code? Any help will be greatly appreciated.

    Cheers,

    Pieter

    Note: I’m testing on a clean install of WP 3.5.1, with no plugins activated

  • PC
    • WPMU DEV Initiate

    Hello Pieter,

    Greetings and thanks for posting on the forums.

    WP better security does not really play well with other plugins. Especially with WordPress multisite and other security plugins you tend to face issues.

    If you are worried about spam blogs, you can use our Anti Splog plugin. Apart from that you can also use Wordfence. it’s a great too.

    More info here : https://premium.wpmudev.org/forums/topic/advice-for-wordpress-security-plugin

    I hope that helps. Please feel free to ask if you have more questions on the same.

    Cheers

    PC

    Sales &Support

  • pbrink
    • Site Builder, Child of Zeus

    Hi PC,

    Thanks for you reply.

    It’s not really the Splog I’m worried about (I already got that covered :grinning:. It’s the brute force login attacks that are killing my performance. That’s why I went for renaming my login page, which is not my preferred solution.

    I must say that WP better security is doing pretty wel on my 3000+ multisite install. But this problem is killing me. And now after your comment I’m hoping that I wont face more of these problems.

    Did you read my previous reply? We posted it almost at the same time :slight_smile:

    Cheers,

    Pieter

  • pbrink
    • Site Builder, Child of Zeus

    Oke, google… google… google…. test… test… test… error… errorr…. error… AND FIXED!

    Oke for future reference for other people that are using WP better security with MS privacy, here is a fix.

    The problem is that both plugins want to declare the wp_authenticate function. WP better security already has done this before MS privacy kicks in.

    The way to fix this is using Filters, which I think is the preferred way of doing this.

    Go to line 282 and find the following code:

    if ( $current_blog->public == '-4' && isset( $_GET['privacy'] ) && '4' == $_GET['privacy'] && !function_exists('wp_authenticate')) {

    function wp_authenticate($username, $password) {

    Change this code to

    if ( $current_blog->public == '-4' && isset( $_GET['privacy'] ) && '4' == $_GET['privacy'] ) {

    add_filter('authenticate', 'wp_authenticate_privacy', 800, 3);
    function wp_authenticate_privacy($user,$username, $password) {

    I’ve also include the modified plugin to this reply. I do think this needs to be changed in the original plugin, but that’s op to the developers of WPMUDEV.

    And you’re all good! Off course if you renamed you’re wp-login you need to add the KEY to all the wp-login URLs.

    Hope it helps. If it did feel free to give me some credits :slight_smile:

    Cheers,

    Pieter

  • PC
    • WPMU DEV Initiate

    Hey @pbrink

    Greetings and thanks for posting back. Sorry for not being on top of it as I was away for the weekend to spend sometime with the family.

    I have sent a note to our lead developer @s H Mohanjith to look into this thread and scan the code :slight_smile:

    He should be here sooner than later.

    Cheers

    PC

    Sales &Support

  • pbrink
    • Site Builder, Child of Zeus

    Hi PC,

    Family time is important! Thanks for taging Mohanjith.

    I’ve already set the fix to production and it’s working, but I can’t wait on some conformation from the PRO’s :slight_smile:.

    If it’s needed I could fix the complete plugin to be compatible with WP better security.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.