WordPress.org

Ready to get started?Download WordPress

Forums

Lockdown WP Admin
Purpose? (21 posts)

  1. adamsmark
    Member
    Posted 3 years ago #

    Does this plugin increase security? If so, how? Seems like a good idea, but not sure how it would increase security.

    http://wordpress.org/extend/plugins/lockdown-wp-admin/

  2. Sean Fisher
    Member
    Plugin Author

    Posted 3 years ago #

    Well it has two main features.

    1. It hides /wp-admin/ from those that aren't logged in. Instead of just moving wp-admin like many people want to do but that requires modifing core code. I'm not saying it's supported, but you could also rename wp-login.php to lets say login-page.php, it isn't supported but I have renamed it and then used other hooks to change the links to wp-login.php.

    2. It provides HTTP auth. Many people have problems with this because it's too hard to understand or implement. I made it simple but adding HTTP auth using PHP. It allows you to add HTTP auth using your WordPress credentials or another set of username/passwords to have a double level security. I use this on a news blog site of mine with many different reporters adding content. We had an outbreak where one password for a user was bruteforced, so we added this. Now, they have to have two sets of username and passwords to get into /wp-admin/.

  3. thompaw
    Member
    Posted 3 years ago #

    Hi Sean!

    I downloaded the Lockdown plugin and i got locked out!

    How can I reconnect to my .php files? I tried to use WP auth method.

    Please advice!

    Best Regards
    Thomas

  4. Sean Fisher
    Member
    Plugin Author

    Posted 3 years ago #

    Hi!

    When you set it up, did you try to use the WordPress credentials method? If you did, just login with your WordPress credentials (username only I believe and your password).

  5. OJBizzle
    Member
    Posted 3 years ago #

    Hi. I am running WP 3.0.4 and I just installed this plugin and enabled using WP login credentials. I am now seeing blank white pages.

    My php error logs show the following error:

    PHP Fatal error: Call to undefined function get_user_id_from_string() .../wp-content/plugins/lockdown-wp-admin/lockdown-wp-admin.php on line 308

    I've had to disable the plugin via the database to get back into my admin page.

    Any idea whats going on?

  6. Sean Fisher
    Member
    Plugin Author

    Posted 3 years ago #

    Ahhh, this is a bug within the plugin.

    It was calling on a function that is really WP-MS only. I have fixed it and just pushed out a bug fix.

    It should be in your WordPress update soon enough.

  7. dakasky
    Member
    Posted 3 years ago #

    Hi Sean - installed your plug-in. Sounded good.

    However, It would not let me change the location of the wp-login.php. For example, let's say I put in "rocket" in the blank field (where you used "login" as an example), it switched the word I put in to "base". This happened no matter what I tried.

    Also, I set HTTP access to use WordPress credentials and now it won't let me login. I get past my normal login page but then get your screen pop-up that never goes away and never lets me login and if I click cancel it just says Authentication required.

    I cannot access anything at this point. A real bummer. Any ideas how I can uninstall of fix this problem? :)

  8. Sean Fisher
    Member
    Plugin Author

    Posted 3 years ago #

    @dakasky What setup do you have, e.g. server/hosting/hosting company/etc?

    If you can't login, just delete the /wp-content/plugins/lockdown-wp-admin until I get a fix out.

  9. dakasky
    Member
    Posted 3 years ago #

    Thanks for the reply. Latest version of WP with Jetpack using 1and1 shared hosting. Yeah figured out to delete that to get back in. Was running a few other plugins. Login Lockdown and SI Captcha. Maybe Login Lockdown conflicted with your plugin? It conflicted with SI Captcha so I disabled it. Lemme know what you figure out on both issues. :) it would be nice to use your plugin. I won't give a rating until later.

  10. Sean Fisher
    Member
    Plugin Author

    Posted 3 years ago #

    This is very strange.. I'll investigate a bit more. There's no reason either of those plugins should affect the renaming of the login URL.

  11. Sean Fisher
    Member
    Plugin Author

    Posted 3 years ago #

    I just pushed an update to 1.4. It has some bug fixes in it that might fix it, but it might not. We'll have to see.

  12. dakasky
    Member
    Posted 3 years ago #

    Appreciate the effort. I reinstalled and immediately it pops up wanting the password prompted by your plugin. I had set it for the same as my WordPress creds, and it still doesn't work. So, apparently it modified some other files in the prior install, which must be where the issue resides. I wish I could just get my WP install back to the same as before your plugin at this point, and remove your code from any modified files, so it doesn't cause any other issues. I deleted your plugin folder, of course, like before, and was able to get out of the endless password request loop.

    Really having doubts about something that is related to my password at this point. Only plug ins when this first happened are Akismet, EZPZ One Click Backup, Hello Dolly, Jetpack by WordPress.com, SI CAPTCHA Anti-Spam, WordPress Importer, and that other one I removed... Login Lockdown.

    Again, I appreciate your effort. You know I have seen several plugins have problems with Jetpack. FYI - running latest versions of everything. :) Got any solutions?

  13. Sean Fisher
    Member
    Plugin Author

    Posted 3 years ago #

    Well maybe it might be a plugin, but i'd love to check this out on a per site basis. And to get into your site when the plugin is active at this point, you have to remove an option (and that can only be done from the DB). If you'd like, you can email me at srtfisher@gmail.com and I can try and figure out what's up with your site. Just a little FTP should do :p

    The plugin doesn't modify core WP files. :D

  14. dakasky
    Member
    Posted 3 years ago #

    Thanks for the offer Sean, but I don't feel comfortable letting someone I don't know FTP into my site. :) So, that being said. After I delete the folder for your plugin, are there any remnants that remain elsewhere that I need to find and delete? Thanks again for you efforts and good luck.

  15. sweetmelody
    Member
    Posted 3 years ago #

    @Sean Same thing with @dakasky, the location of wp-login can't be changed, it will be reverted to 'base'. :(

  16. dakasky
    Member
    Posted 3 years ago #

    Bah!! I hope these issues get fixed because the concept is a good one. Looking at other security plugins as we speak. :)

  17. dakasky
    Member
    Posted 3 years ago #

    Melody who is sweet. I would email him (address is in previous post) because I don't think he checks this page every day or gets notified. I had to tweet him to start a dialog. :)

  18. DanyD
    Member
    Posted 3 years ago #

    Hello

    there is a small bug, just modif lockdown-wp-admin.php at line 194
    with:
    $base = sanitize_title_with_dashes( $base);

  19. Sean Fisher
    Member
    Plugin Author

    Posted 3 years ago #

    Ah, I noticed this a few days ago. I just pushed it out; expect to see the update in your WP Admin soon (or you could just download 1.4.1 now at http://wordpress.org/extend/plugins/lockdown-wp-admin/)

  20. sweetmelody
    Member
    Posted 3 years ago #

    Yeah!!! Can change the login name already! Thank you @Sean for protecting us. :D

    @dakasky Thanks to you too!!! Thanks for contacting @Sean. Happy day!

  21. jxs714
    Member
    Posted 3 years ago #

    For some reason I cannot get this to work. I installed the latest version, chose the http auth option and I am locked out with no way to start my administration without deleting the plugin folder. I even deleted everything off my server and started from an old backup, reinstalled a fresh plugin and still get the same issue. Please help me. Thank you!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic