Support » Plugin: Rename wp-login.php » "URL Login Requests – Redirects" Issue – Fixed

  • Resolved mwarbinek

    (@mwarbinek)


    Yep, your update did fix the issue where if a person types in the full URL as “http://www.blognamehere.com/WordPress/wp-login.php”, they were previously redirected to a new login page and bypassed your plugin. The same issue occurred with “http://www.blognamehere.com/WordPress/wp-admin/wp-login.php” and other similar URL requests.

    Now that its fixed (thanks muchly), here is something that can add a little spice to the plugin.

    In the Word Press folders that do not need the “wp-login.php” file, insert your own “wp-login.php”.

    Remember to NOT code it without the standard <html>, <head>, or <body> tags. You can do one of 2 things.
    1. Insert only a PHP redirect taking the hacker to any page you want. Such as:

    <?php
    header( ‘Location: http://www.google.com&#8217; ) ;
    ?>

    2. Or instead of a PHP redirect, insert only a <p></p> tag with inline CSS styling, as:

    <p style=”margin-top: 200px; text-align: center; font-size: 40px;”> This is your login page, have a good day!</p>

    Then if the hacker tries to go to “http://www.blognamehere.com/WordPress/wp-admin/wp-login.php&#8221;, they get your special login page and voila, you annoyed them.

    Plus you can add an HTML comment tag <!–comment something here–> and if they view the source code of your special login page, they read your special comment to them.

    Upload the special wp-login to folders as “wp-admin”, “wp-content” and “wp-includes” as these folders do not require a wp-login page. NOTE: -MAKE SURE there is no login file there, if so, view the source code to see if its a WordPress php login file then avoid over writing it.

    Make sure you set the access permissions to that file as “555”, removing any write permissions. Your web host normally has the file manager program that allows you to do that.

    http://wordpress.org/plugins/rename-wp-login/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Ella

    (@ellatrix)

    I’m just wondering what the benefit of this is? There is no security benefit, it’s extra work for me, and bots don’t read those pages, they just try to log in.

    Thread Starter mwarbinek

    (@mwarbinek)

    Oh yes, I suggest to get a plugin to hide the Meta Link > “wp-login” on the front of your Word Press blog.

    Yes, rename-login eliminates the value of that link, but to make it harder for hackers to access the login page, I used a plugin to hide the front-end Meta link since WordPress developers still have decided to block our admin access to those links.

    Thread Starter mwarbinek

    (@mwarbinek)

    No, not for you to add it to the plugin, for others to do that work themselves if they choose and it does not require any personal mods to your plugin. I did my own work since I get a lot of hacker attempts.

    Plugin Author Ella

    (@ellatrix)

    Oh, I see, sorry.

    Thread Starter mwarbinek

    (@mwarbinek)

    No problem, my fault, should have clarified that at first, did not notice.

    PS: I donated 20 GBP to your plugin via PayPal.

    Nice work, eliminates the repeated hassle of IP blocking. Please keep the plugin going.

    Plugin Author Ella

    (@ellatrix)

    Thank you! 🙂 I certainly will.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘"URL Login Requests – Redirects" Issue – Fixed’ is closed to new replies.