WordPress.org

Ready to get started?Download WordPress

Forums

Lockdown WP Admin
[resolved] Now protects "wp-login.php" as well? (6 posts)

  1. Ipex Media
    Member
    Posted 1 year ago #

    Does anybody notice this before Lockdown WP Admin only protected the "wp-admin" but typing in "wp-login.php" you can still access the WP-login panel screen?

    However, now it appears it protects the "wp-login.php" as well!

    Definitely a greater security increase and improvement for Lockdwon WP Admin...

    Now my question is since the "wp-admin" and "wp-login.php" are protected, how else would somebody access the WP-admin login panel screen by typing something in the URL?

    Or there is no other way of accessing through some universal WordPress file-URL?

    http://wordpress.org/extend/plugins/lockdown-wp-admin/

  2. Sean Fisher
    Member
    Plugin Author

    Posted 1 year ago #

    The only way would be via a URL path that they could specify for the login URL. Would love to know how else they could get around it to fix it :-)

  3. Sean Fisher
    Member
    Plugin Author

    Posted 1 year ago #

    I may also add a way to ensure other files can be added to be protected, i.e. wp-includes/

  4. Ipex Media
    Member
    Posted 1 year ago #

    Thanks sean,

    This should definitely be a required necessary security plugin.

    Reason I asked because my host now requires me to have a cache, and I'm using Hyper-Cache...

    here was the problem, I'm also using another security-plugin called "limited login attempt," but due to having Hyper-Cache, it caches the redirects from Lockdown WP Admin

    http://www.domain.com/customloginredirect

    Hence, I'm no longer protected using "limited login attempt" because the 5 tries attempt won't go down to 0, but stay at the last cached attempt.

    However, Hyper-Cache doesn't cache the "wp-admin" so when I disable "Lockdown WP Admin" and go back to accessing the wp-login screen page through wp-admin as the only way of getting there, the "limited login attempts" work again.

    So as much as I like to use in conjunction both "Lockdown WP Admin" and "Limited Login Attempts", I can only have 1.

    Bitter dilemma, but I find "Lockdown WP admin" will offer better secruity than "limited login attempts" if there were no other ways to access the wp-login screen page when "wp-admin" and "wp-login.php" is disabled and there any other similar "universal known-way"...

    than just us knowing the acutal redirect we put in Lockdown WP Admin.

  5. HCE
    Blocked
    Posted 1 year ago #

    When I go to /wp-admin/ I get this error message at the bottom of the 404:

    Fatal error: Call to undefined function get_current_screen() in /home/user/public_html/wp-includes/admin-bar.php on line 426

    What is causing that error?

  6. HCE
    Blocked
    Posted 1 year ago #

    When I go to /wp-admin/ I get this error message at the bottom of the 404:

    Fatal error: Call to undefined function get_current_screen() in /home/user/public_html/wp-includes/admin-bar.php on line 426

    What is causing that error?

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic