WordPress.org

Ready to get started?Download WordPress

Forums

WP-Members
[resolved] The "wp-login.php" URL for new users is exposed by the email notifica (11 posts)

  1. Caps
    Blocked
    Posted 2 years ago #

    It would be great if the admin can easily change the Login URL sent to the new user. By default the script exposes "wp-login.php" which is a security risk. Also for those who want to create their own custom login page.

    This plugin provides what WordPress has left out. Thank you.

    http://wordpress.org/extend/plugins/wp-members/

  2. Chad Butler
    Member
    Plugin Author

    Posted 2 years ago #

    For clarification, I assume that you are talking here about the email that is sent if you create a new user through WordPress?

  3. Caps
    Blocked
    Posted 2 years ago #

    Hi Chad,

    You are stating it correctly.

  4. Chad Butler
    Member
    Plugin Author

    Posted 2 years ago #

    That is actually a pluggable function if you want to modify that email. But using the WP-Members plugin is a good option too.

  5. Caps
    Blocked
    Posted 2 years ago #

    How do I use the pluggable option? The default reveals the login.php file.

  6. Chad Butler
    Member
    Plugin Author

    Posted 2 years ago #

    Customize this function and keep it in your functions.php file:

    http://core.trac.wordpress.org/browser/branches/3.4/wp-includes/pluggable.php#L1188

  7. Caps
    Blocked
    Posted 2 years ago #

    Hi Chad,

    Is the pluggable script necessary? Why not use: "www.mysite.com/login" instead of: "www.mysite.com/wp-login.php?"

    Regards,

    Caps

  8. Chad Butler
    Member
    Plugin Author

    Posted 2 years ago #

    If all you want to do is change the login url to point somewhere else, yes, you could filter wp_login_url with the login_url filter hook:

    http://core.trac.wordpress.org/browser/branches/3.4/wp-includes/general-template.php#L221

  9. Caps
    Blocked
    Posted 2 years ago #

    This is a great script and I am concerned that exposing "wp-admin.php" gives the public that the site is built with WordPress.

    For the sake of non coders and making WP-Members top notch, I would like to see that WP-Members would not link back to the site showing to the public direct access to "wp-login.php" - when it is not necessary. I deleted that file to provide better security and anonymity.

    Regards,

    Caps

  10. Chad Butler
    Member
    Plugin Author

    Posted 2 years ago #

    For the recored, WP-Members does not link back to wp-login.php as you have suggested. The email you discussed is from WordPress and only comes from WordPress if you create a new user via the WP admin. It has nothing whatsoever to do with the plugin.

  11. Caps
    Blocked
    Posted 2 years ago #

    Hi Chad,

    My apologies - that seems to be another script. I tested it on a newly installed site just now, and it does not contain that link back issue.

    Lets mark this as solved -

    Thank you for your time answering my post.

    Regards,

    Caps

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.