We need your help regarding a WordPress concurrent login issue.
I’m hosting a WordPress site on a server managed via HestiaCP (installed through the web interface). The problem is that logging in on one device immediately logs the other out. No plugins have been added or changed, and session settings in PHP (php.ini) appear standard. The PHP version is 8.2.
I haven’t manually changed anything on the server.
Since my previous question hasn’t been answered yet, and given you might not have experienced the concurrent login issue as we have, I wanted to share our solution.
We found that removing the WordPress installation script’s bcrypt line in /usr/local/hestia/web/src/app/WebApp/Installers/WordPress/ resolved the concurrent login issue. Our site is now working well.
Please reconsider implementing this update in future HestiaCP releases.
Late to provide a solution, but here is the solution for future reference and for those who prefer not to maintain separate user accounts.
When using the Hestia App Installer to install WordPress, it adds a must-use plugin. If you go to the plugins page and click “Must-Use”, you will see a plugin for WP Password bcrypt; you need to delete that.
Unfortunately, you cannot delete it from the WordPress UI. You will need to do it either using FTP, File manager, or any other way you add/delete files. It is a single PHP file and is located in the WordPress directory under wp-content/mu-plugins.
Hestia developers, you may want to consider removing that from the setup script. Starting from WordPress 6.8, bcrypt is the default hash method. Even the GitHub plugin repository has been archived for this same reason.
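The removal described in the reply above, as an added shell example that is not from the thread or from HestiaCP: it deletes the must-use plugin only when the installed core is 6.8 or later, the release the reply names as hashing with bcrypt by default. The file name `wp-password-bcrypt.php` and the function names are assumptions; set `MU_FILE` if the installer used a different name.

```shell
# Assumption: name of the single-file mu-plugin; the thread does not give it.
MU_FILE="${MU_FILE:-wp-password-bcrypt.php}"

# Print the core version recorded in wp-includes/version.php under root $1.
wp_version() {
    sed -n "s/^[$]wp_version = '\([^']*\)';.*/\1/p" "$1/wp-includes/version.php" 2>/dev/null
}

# Succeed when version string $1 is 6.8 or later.
core_has_bcrypt() {
    local major minor
    major="${1%%.*}"
    minor="${1#*.}"
    minor="${minor%%[!0-9]*}"          # "8.1" -> "8", "8-beta1" -> "8"
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; }
}

# Usage: retire_bcrypt_muplugin WP_ROOT [apply]
# Prints one of: absent, keep, removable, removed.
retire_bcrypt_muplugin() {
    local root mode target ver
    root="$1"
    mode="${2:-report}"
    target="$root/wp-content/mu-plugins/$MU_FILE"
    [ -f "$target" ] || { echo "absent"; return 0; }
    ver="$(wp_version "$root")" || ver=""
    if ! core_has_bcrypt "$ver"; then
        # Core older than 6.8 (or version unreadable): leave the plugin alone,
        # because core does not hash with bcrypt by default there.
        echo "keep"
        return 0
    fi
    if [ "$mode" = "apply" ]; then
        rm -- "$target" && echo "removed"
    else
        echo "removable"                # dry run: nothing is deleted
    fi
}
```

Run it first without `apply` against the WordPress directory to see what it would do, then again with `apply`.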