• Resolved daljitpattarsingh

    (@daljitpattarsingh)


    Hi there, I want to inform you guys that I just changed the default URL of the login page. And because of that, Looks like the login page protection has not been working.

    My website is https://www.khalsa-website-designers.net/ and if you try to open the default login page, you will not see that page anymore.

    Is there any way, we can give the new login URL to Ninja Firewall?

    I mean, if this feature is not built-in by default then is there any rule/code available/created by you guys.

    When we will be updating the plugin to the new version, that code should stay.

    I have nearly 10 sites where I want to apply the same change. If there is any pricing to create that kind of code built-in Ninja Firewall’s plugin, I can pay for it, if it can be affordable and one time pay.

    It will help me and everyone in the future who would like to change the default WordPress login URL to prevent bots from eating the RAM/CPU every day on our VPS server.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    It isn’t needed because if hackers found the secret URL (they aren’t supposed to, are they?) and attacked it, the request would be forwarded to the real login page and that would trigger the firewall login protection.

    The firewall can only and safely protect the real page. If you added code to protect the fake one, you would need to rely on REQUEST_URI, which is totally unreliable and unsafe because it’s a user input.
    That shows the difference between protecting and hiding 🙂

    Thread Starter daljitpattarsingh

    (@daljitpattarsingh)

    Hi there, thank you for the reply. Looks like I asked the question the wrong way. Let me clear my question.

    I want to change the URL of the login page. I can do it with the help of a plugin.

    Now, the issue is if I change the login page’s URL, then NinjaFirewall does not offer its protection on that login page.

    I do not want to just hide the login page, I want to protect the new login page’s URL with Ninja firewall too.

    Any Luck?

    Plugin Author nintechnet

    (@nintechnet)

    You can’t do that. As mentioned in my previous message, you will rely on the unsafe REQUEST_URI variable, but NinjaFirewall will always rely on SCRIPT_NAME because it is safe and isn’t a user input.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.