The wSecure plugin hides admin URL so that “www.yoursite.com/wp-admin” will no longer
bring up the admin page. Instead, wSecure allows you to set your own admin URL using a secret key
(for example: www.yoursite.com/wp-admin/?secret). Only people who enter the secret key will be able to
access your admin area.
The Basic Version will hide your administrator URL from public access. This is the feature that most people need.
- Set “Enable” to “yes” in order for wSecure to work.
- The “Pass Key” field allows admin to select the mode in which admin can enter the “Secret Key” to access the WordPress admin login page. Possible options are directly through “url” or a separate “form” asking to enter the secure key.
- In the “Key” field enter the key that will be part of your new administrator URL. For example,
if you enter “wSecure” into the key field, then the administrator URL will be http://www.yourwebsite/wp-admin/?wSecure
- If you do not enter a key, but enable the wSecure plugin, then the default URL to access the administrator area is /?wSecure
- Set the “Redirect Options” field. By default, if someone tries to access you /wp-admin URL without the correct key, they will be redirected to the home page of your WordPress site. You can also set up a “Custom Path” is you would like the user to be redirected somewhere else, such as a 404 error page.
- Click on the save button to make changes.
The Advanced version has additional features that you can have.
- Mail tab: This sets whether you want an email to be sent every time there is a failed login attempt into the WordPress administration area. You can set it to send the wSecure key or the incorrect key that was entered.
- IP tab: This tab allows you to control which IPs have access to your admin URL.
- White Listed IPs: If set to “White Listed IPs” you can make a white list for certain IPs. Only those specific IPS will be allowed to access your admin URL.
- Blocked IPs: If set to “Blocked IPs” you can block certain IPs from accessing your admin URL.
- Master Password: You can block access to the wSecure component from other administrators.
Setting to “Yes”, allows you to create a password that will be required when any administrator tries to access the wSecure configuration settings in the WordPress administration area..
- Master Mail: These setting allow you to have an email sent every time the wSecure configuration is changed.
- Log: This setting allows you to decide how long the wSecure logs should remain in the database.
Still works but I am wondering if I continue to use this plugin when it has not been updated for more than a year.
Version 1.0 – Basic Version. Works fine, with basic functionality.
Version 2.0 – Session problem corrected.
Redirection problem corrected when user chooses custom path option.
(New) Added option to select the “Pass Key” mode i.e. the mode in which you can enter the secret key for accessing the WordPress admin login page. Possible options are “form” and “url”.
- Added functionality to pass wSecure key by FORM / URL.
- Improved UI of the plugin.
- Improved security by adding required validations for wSecure key.
Version 2.4 – Fixed security issues with missing nonces.
wSecure Authentication – Advanced version– Redirection problem corrected when user chooses custom path option.
- Added the option of form to type the secret key in the form instead of the URL.
- Added E-mail option to send the change log in wSecure Authentication.
- User can choose from White Listed IPs / Blocked IPs.
- User Friendly option to add ip address.
- Enter specific IPs(White Listed IPs) that will allow access to administration area.
- Added Master Password to access the wSecure Authentication.
- Added view log functionality to show the log made by wSecure.
- Added delete log functionality to keep the log of the plugin for a specified amount of time.
- Improved back-end layout and presentation.