WordPress.org

Ready to get started?Download WordPress

Forums

Stealth Login Page
[resolved] New WP install, default logins not hidden (17 posts)

  1. izzaboo
    Member
    Posted 1 year ago #

    Hallo.

    I've used this plugin on two other sites and found it very useful. So, on a new install I included it in default list of plugins to set up right away.

    I did that but when I launched another browser (on a different device) the /wp-admin url redirected to wp-login.php?question=answer

    That doesn't seem like the way it is supposed to work.

    Any thoughts? Did I do something wrong? Does logging out close the session used by this plugin?

    all best,
    Greg

    http://wordpress.org/extend/plugins/stealth-login-page/

  2. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    It shouldn't redirect until the checkbox to enable it is checked, which is defaulted unchecked upon install. Did it say exactly that? "?question=answer" in the URL? If so, I can see where that originated from.

    Go ahead and grab the latest version, though - what version did you upload into a new install?

  3. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    2.1.0 has an issue. I'm updating to 2.1.1 at the moment as soon as I rectify a conditional logic issue.

  4. izzaboo
    Member
    Posted 1 year ago #

    Hi Jesse,

    Thanks for your replies. Looks like you're "on it" as they say. And I thought I should give you a response anyway.

    No, it used my secret question and answer, I just used "question" and "answer" as placeholders in my post here. Also, looking back at the email sent with the custom URL in it, the custom URL followed this form:

    http://www.myclientsdomain.com/wp-login.php/?question=answer?question=answer

    I didn't notice the duplicated Q/A paring and the slash between .php and ? until this morning.

    I loaded the most recent version from the WP repository at the time (2.1.0, which you indicate has a conditional logic issue).

    btw, while you're in there, i just noticed a typo on the /options-general.php?page=stealth-login-page. The word customizable is missing an "a".

  5. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks for the head's up and the information.

  6. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    2.1.1 is live. Please update immediately.

  7. izzaboo
    Member
    Posted 1 year ago #

    Tally-ho! Redirection is working well!

    But hey. In the options page, I checked the box to send URL to admin's email. In the email it came through with this convention:

    http://www.clientdomain.com/wp-login.php?Q=A?Q=A

    Where "Q" is my secret Question and "A" is my secret Answer.

    thanks for the quick work!

    all best,
    G

  8. izzaboo
    Member
    Posted 1 year ago #

    Personally, I like the redirect on logout because I just use the site's homepage as redirect URL.

    But I can see how if somebody wanted to redirect to good ol' rick you might not want to rick roll a valid user logging out...

    heheheh.

    G

  9. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks for pointing out that URL. It was using an old convention:

    wp_login_url() . '?' . $slp_options['question'] . '=' . $slp_options['answer'] )

    I've replaced the wp_login_url() with the new URL so it was thus repeating it. I'm going to fix that as I type.

  10. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    I'm not going to rev the plugin for this change, so here is what I edited in /includes/settings-page.php Line 8... grab the whole thing and replace the entire function.

    add_action( 'admin_init', 'slp_email_admin' );
    function slp_email_admin() {
    	global $slp_options, $custom_url;
    	if ( isset( $slp_options['enable'] ) && $slp_options['question'] && $slp_options['answer']  && isset ( $_POST['email-admin'] ) && current_user_can( 'manage_options' ) ) {
    		$to = get_bloginfo( 'admin_email' );
    		$subject = sprintf( __( 'Custom login URL for %s', 'stealth-login-page' ), get_bloginfo( 'name' ) );
    		$message = sprintf( __( 'Your custom login URL for %1$s is %2$s', 'stealth-login-page' ), get_bloginfo( 'name' ), $custom_url;
    		wp_mail( $to, $subject, $message );
    	}
    }
  11. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    Actually, this

    add_action( 'admin_init', 'slp_email_admin' );
    function slp_email_admin() {
    	global $slp_options, $custom_url;
    	if ( isset( $slp_options['enable'] ) && $slp_options['question'] && $slp_options['answer']  && isset ( $_POST['email-admin'] ) && current_user_can( 'manage_options' ) ) {
    		$to = get_bloginfo( 'admin_email' );
    		$subject = sprintf( __( 'Custom login URL for %s', 'stealth-login-page' ), get_bloginfo( 'name' ) );
    		$message = sprintf( __( 'Your custom login URL for %1$s is %2$s', 'stealth-login-page' ), get_bloginfo( 'name' ), $custom_url );
    		wp_mail( $to, $subject, $message );
    	}
    }
  12. izzaboo
    Member
    Posted 1 year ago #

    Great!

    I commented out everything after "wp-login.php" when setting $custom_url_ending in plugin.php

    $custom_url_ending = "wp-login.php";//?" . $slp_options['question'] . '=' . $slp_options['answer'];

    And it seemed to work better for me. Not sure why.

    -Greg

    p.s. I guess I don't know how to get my code to display here in a nice scrollable box. huh.

  13. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    Well, if you do that, then your WP login/out URL is going to return to /wp-login.php with nothing after it and be redirected and it makes the entire function above that (the reason for 2.1.0) non-functioning. Same-same. The function is negated when you do that.

    Translated:

    $old  = array( "/(wp-login\.php)/");
        $new  = array( "wp-login.php" );

    See the box below the editor box with instructions on code? Or that little code button above this box as you type a reply to me?

  14. danielsdebastiani
    Member
    Posted 1 year ago #

    I liked this plugin, but it needs some improvements.
    It does not work with other actions in wp-login, like register and lostpassword for example.

  15. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    2.1.0 did fix the lost password link and anyone allowing registrations from the base login screen can skip this plugin, as it's not in the best interest of site security. That will not be addressed by any changes in the future.

    2.1.0
    Corrected the logout link in the dashboard and the lost password link on the login page.

  16. styzer
    Member
    Posted 1 year ago #

    Hi Jesse,

    Installed v2.1.2, and I still get attackes (2 min intervals). I myself cannot access my website login page, how do "they" find it?

    I also never received the email with question and answer as per suggested by checking the box.

    Can you help? Anything I missed?

    Regards,

    Andre

  17. styzer
    Member
    Posted 1 year ago #

    Ah, the fix seems to have worked... radio silence for the past 10 min... Great to see it's working!

    Andre

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags