Support » Plugin: WPS Hide Login » After activating going to wp-admin will redirect to custom url – intentional?

After activating going to wp-admin will redirect to custom url – intentional?

  • Resolved Denis Žoljom

    (@dingo_d)


    5 years ago

    Not sure if this should be the default behavior of the plugin, but I set up some random name for the new login, and when I try to go to the wp-admin or wp-login in the incognito mode, I’m being redirected to the login page with the new slug.

    What’s the purpose of the plugin if I can still access the login page by going to the wp-admin or wp-login?

    I’m testing on a local VVV install, which is on php 7 and nginx.

Viewing 15 replies - 1 through 15 (of 16 total)
1 2
  • Plugin Author NicolasKulka

    (@nicolaskulka)

    5 years ago

    Normally if you are offline, you do not have access to the admin page, if you do not know the custom url.

    Default: /login

    There is no redirection otherwise the plugin would have no use.

    supersoju

    (@supersoju)

    5 years ago

    If you have the plugin installed and activated, going to

    http://site.url/wp-register.php

    will redirect you to the “secret” login URL.

    JoseKost

    (@josekost)

    5 years ago

    En effet, http://site.url/wp-register.php permet de dévoiler url de login. Que devient l’intérêt d’utiliser le plugin ?

    Plugin Author NicolasKulka

    (@nicolaskulka)

    5 years ago

    Personnellement ce fichier n’existe pas sur mon installation.

    Si vous accepter que les utilisateurs puissent s’enregistrer, ce n’est pas nécessaire effectivement, car il leur faut bien l’url pour qu’il puisse s’enregistrer.

    Thread Starter Denis Žoljom

    (@dingo_d)

    5 years ago

    I’m not offline, but developing locally. I thought that the plugin will hide the defaul url’s completely. But it’s just redirecting. Might have some uses, but obviously not for me…

    Plugin Author NicolasKulka

    (@nicolaskulka)

    5 years ago

    There is no redirection, precisely it hides the default url of WordPress.

    By default the url is: /login

    JoseKost

    (@josekost)

    5 years ago

    @nicolaskulka

    Merci pour la réponse!

    Tous les sites ou j’utilisais le plugin était configuré pour ne pas accepter les inscriptions – réglage (dans Réglages=>Général) * mais en effet je n’avais pas pris la peine de supprimer ce fichier de mon installation. Qui soit dit en passant reviendra à chaque mise à jour de WordPress.

    Vu que le lien http://site.url/wp-register.php dévoile l’url secréte, ne serait-il pas possible d’ajouter un réglage dans le plugin qui vérifierait le réglage ‘inscription’ de WordPress et supprimerait ce fichier automatiquement ?

    Bien à vous,

    Plugin Author NicolasKulka

    (@nicolaskulka)

    5 years ago

    Ce fichier n’existe pas dans les dernières version de WordPress.

    JoseKost

    (@josekost)

    5 years ago

    en effet, mais le lien http://site.url/wp-register.php fonctionne et redirige sur la page de connexion quoiqu’il en soit du réglage inecription dans wordpress!

    Plugin Author NicolasKulka

    (@nicolaskulka)

    4 years, 12 months ago

    Oui, je suis d’accord, mais ce fichier n’a plus lieu d’être depuis pas mal de version WordPress.

    Ce fichier a été supprimé du core, donc je vous conseille de mettre à jour votre WordPress si c’est déjà le cas, supprimé les fichiers qui ne sont plus dans la dernière version que vous avez installée.

    supersoju

    (@supersoju)

    4 years, 12 months ago

    Yes, wp-register.php is not included in WordPress, but it’s one of the URLs WordPress listens for and redirects by default. Here is a brand new 4.9.4 install that demonstrates the issue.

    Honestly, I’m a little surprised you haven’t taken the time to test this yourself in the past week after getting the initial report.

    Plugin Author NicolasKulka

    (@nicolaskulka)

    4 years, 12 months ago

    This file not exist : https://mywebsite.com/wp-register.php

    This file must be deleted.

    • This reply was modified 4 years, 12 months ago by NicolasKulka.
    supersoju

    (@supersoju)

    4 years, 12 months ago

    The file does indeed not exist in my above example. It is a brand new 4.9.4 install. But WordPress is still listening for and redirecting the requests, and the plugin is exposing the URL it’s supposed to be hiding.

    You can test your plugin yourself very easily, or I can make another video, or you can look at where WordPress is intercepting the calls and update your plugin to account for these.

    https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-rewrite.php#L1278

    https://core.trac.wordpress.org/browser/trunk/src/wp-includes/canonical.php#L364

    Plugin Author NicolasKulka

    (@nicolaskulka)

    4 years, 12 months ago

    I have a “File not found.” on url : https://mywebsite.com/wp-register.php

    WordPress 4.9.4

    I can not reproduce your problem.

    Do you have rules in .htaccess ?

    supersoju

    (@supersoju)

    4 years, 12 months ago

    Just the default for pretty permalinks:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /wps-login/
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /wps-login/index.php [L]
    </IfModule>

    # END WordPress

Viewing 15 replies - 1 through 15 (of 16 total)
1 2
  • The topic ‘After activating going to wp-admin will redirect to custom url – intentional?’ is closed to new replies.

Views