Plugin Author
AITpro
(@aitpro)
I don’t understand the scenario. The Rename wp-login.php states this:
It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url.
So I assume that means the Rename wp-login.php plugin just does something at the PHP level to redirect standard WP login URI’s (wp-login.php and /wp-admin) somewhere else. So are you saying you enabled backend MMode in BPS and did X with the Rename wp-login.php plugin? If so, what is X? If not, please explain things in more detail so that I can reproduce the scenario you are talking about for testing purposes.
Plugin Author
AITpro
(@aitpro)
I installed the Rename wp-login.php plugin and BPS MMode overrides what the Rename wp-login.php plugin is doing when you enable MMode. The reason for that is MMode works by checking the IP address of any Requests to your website to allow access to your website. So the standard WP login URI’s (wp-login.php and /wp-admin) would work normally. So you would not have been locked out of your site since you would just login normally. Since the the Rename wp-login.php plugin creates a virtual URI/URL then there is nothing BPS could check unless BPS hooked into the Rename wp-login.php plugin’s code to check what it is doing. Since that is not really necessary to do since MMode overrides the Rename wp-login.php plugin then basically you end up with this scenario: When your site is in MMode it is protected by IP address, which includes the WP Login page or any other non-standard Login page such as a redirect done by the Rename wp-login.php plugin. In other words, either way you are covered/protected.
Thank you for your fast and detailed response
Yes I agree and can confirm that the website is protected from visitors.
I understand, I checked if I was able to reach the normal login pages during maintenance mode (wp-login.php and /wp-admin).
/wp-admin gave me a page with a message that: You must log in to access the admin area.
/wp-login.php is protected by my webhosting company with a recaptcha to prevent brute force attacks. This shows but then when it accepts the wp-login.php page shows a message that the page cannot be found.
So I m not sure if this is caused by my webhosting company or by the plugin mentioned before. Likely my webhosting if it works correctly on your wordpress instalation.
For know I will just stick to Mojo under construction for the maintenance mode. And use BPS for the security.
I will keep this thread open in case you want me to test something else. if not I will mark it as resolved.
To add on the subject, I was able to login via my relocated login url while the BPS front end maintenance mode was activated.
Plugin Author
AITpro
(@aitpro)
Yep, I have resolved this thread since this is just one of those scenarios where several different features/security measures/etc. affect each other because the functionality of those features/security measures/etc. overlap. It would probably be possible to create additional options/features/functionality in BPS MMode, but honestly I don’t think its worth the effort involved for something like MMode, which is a rarely used BPS feature. ie we probably use MMode on our sites about once every 3 months for about 30 minutes. 😉
FYI – We still receive email notifications when threads have been resolved.
