WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] [closed] Changing /wp-admin url path (30 posts)

  1. simonysandra
    Member
    Posted 1 year ago #

    Hi, I was wondering if it was possible to change the http://www.domain.com/wp-admin and /wp-login.php paths to something else. I tried this on the wordpress.org forum but didn't work:

    http://wordpress.org/support/topic/how-to-change-the-admin-url-or-wp-admin-to-secure-login?replies=13

    Also it would be interesting that - once you have a new path - if you type /wp-admin or /wp-login in the url nothing or a 404 is shown. I don't like hackers knowing my site is runned by wordpress... What do you think?

    Thank you

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yes, it is possible, but why do you think that has any value at all? You cannot hide anything from a Bot - that is just not possible to do. Hackers use automated Bot programs to find whatever they want to find. They will always find whatever they want to find. ;)

    The best website security method is - Action Approach.

    hacker X does bad action Y and the result is Z = Forbidden.

    PayPal and your online bank do not try and hide things - they use an Action Approach to website security. ;)

  3. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    resolving

  4. heart2hack
    Member
    Posted 1 year ago #

    hello.here is thel link which explain how to change you wordpress admin url and make it secure from auto spam or malware which a haker send automatic to wordpress admin area and hack your password.checkout the website here :

    How to change wordpress admin url

  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Trying to hide things or changing URL's is not a legitmate or effective security measure - it never has been and it never will be. It is myth/misinformation that has been spread all over the Internet. Does PayPal, eBay or any other reputable website use hiding tactics - no because they are not real or effective security measures.

    It is not possible to actually hide anything on the Internet. Automated spammer/hacker bots can find anything and everything very easily.

  6. cscottb
    Member
    Posted 1 year ago #

    If you click on the above link, How to change wordpress admin url, you get a Sorry ... Page Not Found response. lol

  7. heart2hack
    Member
    Posted 1 year ago #

    tha above url is working you may check it again.click here and if you don't found the post check that in wordpress section of the menu u will get the tutorial there.

    Changing wordpress admin url

  8. heart2hack
    Member
    Posted 1 year ago #

    @AITpro : if you use plugin than it will find security holes in your wordpress installation and fix it and tell you where is the security hole or risk that hacker can get your website information and hacked....

  9. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    @heart2hack - you're advertising another plugin here that I don't believe is a good plugin. If you want to advertise that plugin then do it in that plugin's forum area and not here. Thanks.

  10. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    If you really want to do something like this then this plugin does this in a much better way: http://wordpress.org/extend/plugins/stealth-login-page/

    Note: The plugin author mentions that there are some issues with WP 3.6 that he is trying to fix ASAP.

  11. heart2hack
    Member
    Posted 1 year ago #

    i am not advertising any plugin this is just a path to help someone.i belive that if someone doesn't know how to edit the code like wordpress default method of changing url path ( i had also include that in my tutorial) than he can use that plugin and if you mind it i will remove that.that is just tohelp people not for spamming dear...:)

  12. heart2hack
    Member
    Posted 1 year ago #

    @AITpro - i provide an unsolve problems solution in my blog.therefore i query google for this type of problem and if someone problem is not solved i help and do research to solve the problem and post a tutorial on that problem to my site.that's it..

    if you have any problem than you can post in the comment section of my blog and soon you will get the answer.and if you have not (that's good) than you can also promote my site.and if you want to promote your plugin by posting a tutorial than you are welcome there as an author.

    decision is ur's

    thanx dear :)

  13. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    if you use plugin than it will find security holes in your wordpress installation and fix it and tell you where is the security hole or risk that hacker can get your website information and hacked....

    I just do not want to have any part in spreading bad information around the Internet. There is enough of that already to last for 1,000 years. ;) Thanks.

    I think your tutorial is good by the way.

  14. heart2hack
    Member
    Posted 1 year ago #

    thanx btw! :)

  15. kimosiris
    Member
    Posted 1 year ago #

    Boy I was struggling with all the methods here and just could not get it to work to hide my admin path. I finally found something quite simple and it does the trick. It uses a php referer as it says and only edit 1 file in worpress. just the wp-login.php see the details change the wp admin path

  16. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    It is frowned upon to modify/hack WP Core files directly. You can achieve the exact same thing by using this function in your Theme's functions.php file without having to modify/hack the wp-login.php file directly.

    // custom login link/page
    function example_custom_login_page() {
    
    	if ( $_SERVER['HTTP_REFERER'] != 'http://' . $_SERVER["SERVER_NAME"] . '/workpath/' ) {
    		header( 'Location: http://' . $_SERVER["SERVER_NAME"] . '/' );
    	}
    }
    add_action('login_head', 'example_custom_login_page');
  17. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I played around with this and there is a much simpler way to do this all in this one simple function below without having to muck around with anything else (create unnecessary folders, redirects, pages, etc.).

    // Simple Query String Login page protection
    function example_simple_query_string_protection_for_login_page() {
    $QS = '?mySecretString=foobar';
    $theRequest = 'http://' . $_SERVER['SERVER_NAME'] . '/' . 'wp-login.php' . '?'. $_SERVER['QUERY_STRING'];
    
    // these are for testing
    // echo $theRequest . '<br>';
    // echo site_url('/wp-login.php').$QS.'<br>';	
    
    	if ( site_url('/wp-login.php').$QS == $theRequest ) {
    		echo 'Query string matches';
    	} else {
    		header( 'Location: http://' . $_SERVER['SERVER_NAME'] . '/' );
    	}
    }
    add_action('login_head', 'example_simple_query_string_protection_for_login_page');
  18. kimosiris
    Member
    Posted 1 year ago #

    Good stuff. If only I could have found that quick and easy method before. The previous methods earlier in this thread are so complex and just would not work for me. Thanks for the suggestion.

  19. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yep, no problem. I was curious about this myself. We have several websites where we need to allow folks to be able to login so we could not use this code on those sites, but I am sure there are a lot of folks out there who do not want to allow other folks to log into their sites - ie register to login to comment, etc. so this code might be handy for them.

  20. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    And another interesting approach would be to have some sort of auto-generated image file similar to a CAPTCHA with "the secret query string" of the day displayed in an image file that would not be found by automated hacker bots. The image file would be displayed to humans so that they would have the query string login. Of course the inconvenience factor is huge so this would most likely discourage human visitors from registering to a site anyway.

  21. kimosiris
    Member
    Posted 1 year ago #

    Yes a captcha would certainly be good for thwarting bot activity. I don't require frontend login right now but it is a fact that the modification will cause a problem for frontend users.

    A benefit of hacking wp-login.php is when I switch themes the function is still active, otherwise I will need to remember to place it in each theme's function file. Being made as a plugin would solve that though.

  22. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I will add this as an option in BPS Login Security in the next version.

  23. aniksz
    Member
    Posted 1 year ago #

    @AITpro,

    how I can use this code you mentioned earlier in this thread to secure my site???

    // Simple Query String Login page protection
    function example_simple_query_string_protection_for_login_page() {
    $QS = '?mySecretString=foobar';
    $theRequest = 'http://' . $_SERVER['SERVER_NAME'] . '/' . 'wp-login.php' . '?'. $_SERVER['QUERY_STRING'];

    // these are for testing
    // echo $theRequest . '
    ';
    // echo site_url('/wp-login.php').$QS.'
    ';

    if ( site_url('/wp-login.php').$QS == $theRequest ) {
    echo 'Query string matches';
    } else {
    header( 'Location: http://' . $_SERVER['SERVER_NAME'] . '/' );
    }
    }
    add_action('login_head', 'example_simple_query_string_protection_for_login_page');

    thanks
    anik

  24. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

  25. aniksz
    Member
    Posted 1 year ago #

    thanks a lot :)

    will you plz let me know that is BPS works as a complete security suite or do I need to add some other layer/ plugin to the site... plz recommend anything good

    anik

  26. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    We only use BPS Pro. ;) We do not suggest other security plugins so that we remain neutral out of diplomacy.

  27. aniksz
    Member
    Posted 1 year ago #

    thank you :)

  28. ChangeAgent
    Member
    Posted 9 months ago #

    I played around with this and there is a much simpler way to do this all in this one simple function below without having to muck around with anything else (create unnecessary folders, redirects, pages, etc.).

    Hi AITpro, would I ad this to

    Theme's functions.php file without having to modify/hack the wp-login.php file directly.

    like you suggest in the post above?

  29. AITpro
    Member
    Plugin Author

    Posted 9 months ago #

    Yes, you would add the code to your Theme's functions.php file and add the Query string that you want to use. Keep in mind that you should only use this code if you do NOT allow anyone else to register, comment, login to your WordPress website.

  30. ChangeAgent
    Member
    Posted 9 months ago #

    a thousand thank u's. No I be the only one needing to access the site.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic