WordPress.org

Ready to get started?Download WordPress

Forums

Stop Spammers
[resolved] Question About How the "Blacklist searches for wp-login" Works (6 posts)

  1. MickeyRoush
    Member
    Posted 1 year ago #

    I have a question about how the option "Blacklist searches for wp-login:" works.

    Does it work by REQUEST_URI or something like REQUEST_FILENAME variables? I currently use Theme My Login that puts the login screen in a page of my choosing. So basically am I safe using this option with Theme My Login?

    It looks like it's using $_SERVER['REQUEST_URI'] in stop-spammer-registrations.php. So does it block anything/anyone doing a request_uri for just wp-login? Something like http://www.example.com/wp-login ? Will it affect anything/anyone searching for wp-login.php? Sorry, it's hard to test this when I need to be whitelisted and I block most of the known proxies and tor networks from my site as well.

    http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/

  2. kpgraham
    Member
    Plugin Author

    Posted 1 year ago #

    What the blacklist searches do is detect when someone looks for wp-login.php in the wrong place. This is usually a spider trying to find wp-login. It only blacklists it when WordPress detects a 404 error "file not found". On every 404 it looks at REQUEST_URI, and if it has the string wp-login.php it adds to the black list. It will not affect custom login pages at all.

    As far as I can tell it only affects people trying to find the wp-login.php file and don't know where to look. I get a few of these everyday out of thousands of spam attempts.

    Keith

    PS. Sorry this took so long, but I've been without internet due to Hurricane Sandy for a few days.

  3. MickeyRoush
    Member
    Posted 1 year ago #

    Thanks for the reply and sorry for your troubles with the storm. Where I live we sometimes get the after effects of hurricanes too. So I sort of know what you're going through.

    And your reply answered my question precisely. I was trying to figure out what exactly the code did and your explanation details it very well. Thanks again.

    How hard would it be to include wp-register.php and wp-signup.php? Or is that a bad idea?

  4. kpgraham
    Member
    Plugin Author

    Posted 1 year ago #

    I will add the register and signup files right now.

    The current new version has so many changes that I am afraid to release it. I am testing now and so far no problems, but some of the changes have a large impact on the way it works. I expect there will be an emergency release 8 hours after the release.

    Keith

  5. MickeyRoush
    Member
    Posted 1 year ago #

    That's awesome. Is this where I can download the latest beta?

    http://www.blogseye.com/beta-test-plugins/

  6. kpgraham
    Member
    Plugin Author

    Posted 1 year ago #

    That's the right URL

    Keith

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic