WordPress.org

Ready to get started?Download WordPress

Forums

Stealth Login Page
Multisite desgn (8 posts)

  1. frisco
    Member
    Posted 1 year ago #

    First, props for continued development on your plugin.

    I have a suggestion for handling activation on a WP network. I think if the plugin is network activated, then the settings for the plugin should appear on the network settings menu, not on the settings menu for each site. This would enable network-wide management of the plugin. In a perfectly customizable world, there could be a configuration option when the plugin is network activated to also give site admins the ability to customize/override the network settings, where those settings would appear on the site settings menu, but I'd have this turned off by default. However, if that configuration option didn't exist, then there would be no settings on the site admin menus and use of your plugin when network activated would be limited to super admins.

    In my experience, most WP network operators opt for network-wide activation when they want centralized management of options. In most instances, if a plugin is network activated, they don't want settings on the site admin menu.

    A lot of security plugins (such as the login limiters you mention) follow your approach to settings, and I think that's less than ideal and makes adoption/management on a network harder.

    http://wordpress.org/extend/plugins/stealth-login-page/

  2. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    Thank you for the feedback. I have figured out how to do that. It will go in 4.0 unless it's so critical at this point to not wait for my extensible 4.0 release. 4.0 will allow me to create a 3rd-party marketplace like EDD and RCP Pro and I'll be releasing a 100% blocker as a premium add-on.

    Can you hold off 2-3 weeks?

  3. frisco
    Member
    Posted 1 year ago #

    Thanks for the follow up. Of course, I'll wait. FYI, happy to spend $ provided it is network compatible (my only interest, actually), and consistent with the approach I outlined in my original post.

    Since you're a Genesis guy (as am I), I haven't even thought about how your plugin might interact with the shortcode such as footer_loginout.

    We run a managed WP hosting environment on nginx, so we could redirect any calls to wp-login.php without parameters to a page on our site with a very long cache life (which could be served via nginx without ever loading PHP). That would save server load as well as keep attackers away from our login page.

  4. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    WP Engine has some hidden nginx scripts that do a portion of what my plugin does. I was working closely with them to resolve multi-site issues to clear their tickets when they pushed out the script. I can't share the gist because it's private, but there are 2 scripts.

    I disabled the Logout and Lost Password URL filtering because it was causing unintended consequences with ecommerce and membership plugins that also filter the URLs. That means that those who don't have those installed have issues, but if you need to reset your password or need to logout, well, you just get redirected and go back to the secret URL unless you disable the plugin.

  5. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    4.0 update - I've been preparing for WP 3.6 and Genesis 2.0 in a lot of fronts, so this will be a little late to the party. If you don't want to be bothered with the Heartbeat API requiring re-login and redirecting in the process, hold off on 3.6 just a while.

    Andrew Nacin has pointed me in the direction I need to go to filter out those logins.

  6. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    4.0.0 is out today. It still uses the wp-config.php option because I had a typo that I had found out how when that statement is missing a "not" in there.

    The trick is that IF this is multisite, then the menu item is one place, else another.

    I do have a function for MS:
    if (function_exists('is_multisite') && is_multisite()) {
    so I could put the menu functions there, but I'd have to test it on a number of configurations before I release that.

  7. frisco
    Member
    Posted 1 year ago #

    Thanks for the follow up.

    If you want to test unreleased code on multisite, happy to help. I can create a site on our 3.7a network and give you admin credentials. Has DEBUG on and several debug-friendly plugins. Can't give super admin, though, and you'd have to email code or provide a link, because we only do updates via SSH, not via dashboard. If interested, I follow you on Twitter as wpperform, so you can follow me and DM whatever info you want.

  8. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    Sent you a DM.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.