Could not login

I think the problem lies with the testcookie post variable in method sourceDataFormValidate, I don't know why it is there but my guess it is legacy from an old wordpress behavior.

The problem is that we are sending a post request with username+password+testcookie, without requesting wp-login.php before which sends us Set-Cookie:wordpress_test_cookie=WP+Cookie+check;

I think removing testcookie form the post veriables that are sent shouldn't be a problem as the WordPress validation will skip the cookie validation if we didn't send testcookie :

	// If cookies are disabled we can't log in even with a valid user+pass
	if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
		$user = new WP_Error('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
	else
		$user = wp_signon('', $secure_cookie);

Hi

I am having the same problem yet the patch does not work anymore.

Yup, doesn't work as-is, or with this patch (testing with a www.wordpress.com site). Presumably the login form has changed, researching.

Response from wordpress.com is

HTTP/1.1 403 Forbidden
Server: nginx
Date: Thu, 09 Oct 2014 15:38:13 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive

Probably they're enforcing form submissions coming from their own site only, which is (belatedly) security-prudent.

I'll update my old local install of Wordpress and see if they're doing anything in the code itself to prevent this working. It is just possible that this feature (which was always a little hackish) might need to be dropped, and you'll need to obtain the export yourself and upload it.

OK, WordPress is now using yet another login cookie name, so I've added a check for that - it works with a local WordPress installation. As for wordpress.com, I tried setting a "real" user agent string on the request but nginx still blocks us, so I've added a note that this will not work. Please try out this patch - if you have any trouble, please be sure to include your WordPress version (this has been tested with 3.9.2 and 4.0).