Support » Plugin: WPS Hide Login » Almost perfect, but this message…….

  • Well I think this plugin is almost perfect. Everything works as expected.

    What I really must criticize is that “this has been disabled” message…
    This message does not make sense to me at all, because this way a possible attacker knew almost instantly, that I use the wps-hide-login plugin. Not a big thing, but WOULD there be a security issue in this plugin, this was a very interesting information for the attacker.

    Please, please please, add a hook to let us change this or simply change it to a redirect (404 or site_home)!

    EDIT: Changed my Review Rating from 4 to 5 Stars. Since Version 1.2.3 the author has changed the wp_die “this has been disabled” Message to a 404 redirect. Thank you!

    • This topic was modified 1 year, 5 months ago by  ecksiteweb. Reason: Release of Version 1.2.3
Viewing 3 replies - 1 through 3 (of 3 total)
  • I agree. For now I’m going to hack the plugin myself to remove the message and just have a blank screen at /wp-admin/. A 404 error page is needed.

    I’ve got this to work by doing the following:
    in wps-hide-login.php at line 391 and 400 there are 2 instances of wp_die( __( 'This has been disabled', 'wps-hide-login' ), 403 );

    I replaced these with wp_redirect('https://www.yoursite.com'); exit;

    I’ve tested this and so far so good – but use entirely at your own risk.

    • This reply was modified 1 year, 5 months ago by  Plan9.
    Plugin Author NicolasKulka

    (@nicolaskulka)

    Hello,

    In the latest version of the plugin, we are returning a 404 error, please update the plugin.

    Cordially.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Almost perfect, but this message…….’ is closed to new replies.