Support » Plugin: Hide My WP Lite » Be Careful!

  • Hi,

    In general I like this plugin a lot, it is easy to use and it does its job. But it’s simplicity also makes it “dangerous”:

    Changes are easy to miss!
    When you activate the plugin, it immediately redirects to /login (as default) that means, even if you did not actively open the plugin it already changes your login.

    And when you switch to use a specific key in the url like /blabla=abcd and save it, it remembers this url (or the redirect) even when you DEACTIVATE the plugin!

    Very easy to miss this fact. Just imagine you activated it, but you get interrupted and have no time to see that your configuration is already changed to an unknown (to you) login page.

    Therefore, suggestions:

    • 1. Give it an “activate ON / OFF” switch in the settings and make “OFF” the default
    • 2. when you deactivate the plugin, deactivate also the key in the URL and the redirection.
    • 3. Give it a reset button, to get the WP default back.
    • Right now I have no idea how to get rid of it in case I would want to go back to the normal wp-login. Could I just uninstall it? Be careful.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support sumanexp

    (@sumanexp)

    Hi, thanks for reaching out to us and for your valuable feedback.

    When you activate the plugin, it immediately redirects to /login (as default) that means, even if you did not actively open the plugin it already changes your login.
    >> It does change the login path but you’ll be alerted regarding it right before applying the settings in HMWP so that you are aware of it.

    And when you switch to use a specific key in the url like /blabla=abcd and save it, it remembers this url (or the redirect) even when you DEACTIVATE the plugin!
    >> The login secret key will be active only when HMWP is active. Once HMWP is deactivated the login secret key doesn’t make any sense, whether you attach it to wp-login.php or not. You’ll simply be able to access login page via /wp-login.php

    Right now I have no idea how to get rid of it in case I would want to go back to the normal wp-login. Could I just uninstall it?
    >> Yes, as you mentioned, you can click on ‘reset settings to wp’ button. Also, you can deactivate the plugin and you shall be able to access the default login page and then login.

    Regards!

    Thread Starter httpscore

    (@httpscore)

    Hi,

    thx for the reply (missed that earlier sorry).

    1) yes, but it does so automatically after activating and the user not doing anything actively in the settings of the plugin. So if I just leave the session after activating I would not be able to login via the normal wp path because it already got changed. I really highly recommend to not change it just because it got activated. Do so after an active click on “Change Now” or similar.

    2) I thought so too, but I deactivated it and tested if I can use it without the secret / specific key. I could not, I still had to use it. My guess it was still in the cache?

    3) thx again, I really like your plugin, but as said in 2) in my case, after deactivating, it still pointed to the secret key.

    Best regards!

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this review.