Support » Plugin: WPS Hide Login » After activating going to wp-admin will redirect to custom url – intentional?

  • Resolved dingo-d

    (@dingo_d)


    Not sure if this should be the default behavior of the plugin, but I set up some random name for the new login, and when I try to go to the wp-admin or wp-login in the incognito mode, I’m being redirected to the login page with the new slug.

    What’s the purpose of the plugin if I can still access the login page by going to the wp-admin or wp-login?

    I’m testing on a local VVV install, which is on php 7 and nginx.

    • This topic was modified 3 years, 8 months ago by dingo-d.
Viewing 15 replies - 1 through 15 (of 16 total)
  • Plugin Author NicolasKulka

    (@nicolaskulka)

    Normally if you are offline, you do not have access to the admin page, if you do not know the custom url.

    Default: /login

    There is no redirection otherwise the plugin would have no use.

    If you have the plugin installed and activated, going to

    http://site.url/wp-register.php

    will redirect you to the “secret” login URL.

    En effet, http://site.url/wp-register.php permet de dévoiler url de login. Que devient l’intérêt d’utiliser le plugin ?

    Plugin Author NicolasKulka

    (@nicolaskulka)

    Personnellement ce fichier n’existe pas sur mon installation.

    Si vous accepter que les utilisateurs puissent s’enregistrer, ce n’est pas nécessaire effectivement, car il leur faut bien l’url pour qu’il puisse s’enregistrer.

    Thread Starter dingo-d

    (@dingo_d)

    I’m not offline, but developing locally. I thought that the plugin will hide the defaul url’s completely. But it’s just redirecting. Might have some uses, but obviously not for me…

    Plugin Author NicolasKulka

    (@nicolaskulka)

    There is no redirection, precisely it hides the default url of WordPress.

    By default the url is: /login

    @nicolaskulka

    Merci pour la réponse!

    Tous les sites ou j’utilisais le plugin était configuré pour ne pas accepter les inscriptions – réglage (dans Réglages=>Général) * mais en effet je n’avais pas pris la peine de supprimer ce fichier de mon installation. Qui soit dit en passant reviendra à chaque mise à jour de WordPress.

    Vu que le lien http://site.url/wp-register.php dévoile l’url secréte, ne serait-il pas possible d’ajouter un réglage dans le plugin qui vérifierait le réglage ‘inscription’ de WordPress et supprimerait ce fichier automatiquement ?

    Bien à vous,

    Plugin Author NicolasKulka

    (@nicolaskulka)

    Ce fichier n’existe pas dans les dernières version de WordPress.

    en effet, mais le lien http://site.url/wp-register.php fonctionne et redirige sur la page de connexion quoiqu’il en soit du réglage inecription dans wordpress!

    Plugin Author NicolasKulka

    (@nicolaskulka)

    Oui, je suis d’accord, mais ce fichier n’a plus lieu d’être depuis pas mal de version WordPress.

    Ce fichier a été supprimé du core, donc je vous conseille de mettre à jour votre WordPress si c’est déjà le cas, supprimé les fichiers qui ne sont plus dans la dernière version que vous avez installée.

    Yes, wp-register.php is not included in WordPress, but it’s one of the URLs WordPress listens for and redirects by default. Here is a brand new 4.9.4 install that demonstrates the issue.

    Honestly, I’m a little surprised you haven’t taken the time to test this yourself in the past week after getting the initial report.

    Plugin Author NicolasKulka

    (@nicolaskulka)

    This file not exist : https://mywebsite.com/wp-register.php

    This file must be deleted.

    • This reply was modified 3 years, 8 months ago by NicolasKulka.

    The file does indeed not exist in my above example. It is a brand new 4.9.4 install. But WordPress is still listening for and redirecting the requests, and the plugin is exposing the URL it’s supposed to be hiding.

    You can test your plugin yourself very easily, or I can make another video, or you can look at where WordPress is intercepting the calls and update your plugin to account for these.

    https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-rewrite.php#L1278

    https://core.trac.wordpress.org/browser/trunk/src/wp-includes/canonical.php#L364

    Plugin Author NicolasKulka

    (@nicolaskulka)

    I have a “File not found.” on url : https://mywebsite.com/wp-register.php

    WordPress 4.9.4

    I can not reproduce your problem.

    Do you have rules in .htaccess ?

    Just the default for pretty permalinks:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /wps-login/
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /wps-login/index.php [L]
    </IfModule>

    # END WordPress

Viewing 15 replies - 1 through 15 (of 16 total)
  • The topic ‘After activating going to wp-admin will redirect to custom url – intentional?’ is closed to new replies.