WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
Hide login does not hide anything (2 posts)

  1. bruno05
    Member
    Posted 1 year ago #

    I installed your product and everything works fine. I was able to create a secret key and also unique URL's for my admin and user login. But here is the problem.

    When I type the unique URL for the user login, it redirects to the wp-login.php and automatically puts the secret key on the url after the wp-login.php.

    How is this hiding anything? Now everyone has the secret key. The way this should work is never to redirect to the wp-login.php url and not show the secret key. The secret key makes sense but I only want admin to have that. The admin should have to type the entire url with the secret key to be able to see the login screen. Everyone else should go to a 404 page if they enter the standard WP login URL - wp-login.php. And end users should never see the admin login screen but see a separate login screen.

    Unless I have installed this incorrectly, if this is the way it is supposed to work, then it is fairly useless and does not really hide anything. I will need to get a different plugin and secure the site using Bullet proof for firewall, scanning etc. Did not want to use multiple plugins.

    Please help.

    Bruno

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Handoko
    Member
    Posted 1 year ago #

    The attackers do not have the secret key. There is a bug on the plugin which attackers use for access your login page. This issue has been discussed several times, hope it will be fixed on the next released of this plugin.

    There are some useful threads you may need to follow:
    http://wordpress.org/support/topic/how-to-ban-admin-logins
    http://wordpress.org/support/topic/after-enabling-hide-backend-still-i-am-getting-bad-login-attempt-how

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.