Support » Plugin: Move Login » "Do nothing, redirect to the new login page" – gives away the hidden URL?

  • Hi,

    If we’re trying to stop the number of spam login attempts, then the default option for “Administration area” access doesn’t really help anyone.

    By default, the option for “When a not connected user attempts to access the administration area.” is set to:

    “Do nothing, redirect to the new login page”

    So if a bot tries to access wp-admin, instead of it failing, it will actually get redirect to the new hidden login page.

    Whats the point of that?

    It works better if you display an error message or redirect to home. By default you’re giving the hidden page away.

    Or am I missing something?

    https://wordpress.org/plugins/sf-move-login/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author ScreenfeedFr

    (@greglone)

    Hello.

    I can’t change this setting by default, it would be the first step to “Where is my login page?” 😉

    Ah ok. I assume you would recommend changing this setting once the new login page has been recorded then?

    Plugin Author ScreenfeedFr

    (@greglone)

    Why not. I’ll think about it for the next release.
    Thank you for the suggestion 🙂

    Plugin Author ScreenfeedFr

    (@greglone)

    The version 2.3 is out and should fix this issue. Well, I simply added a “not recommended” mention to the option.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘"Do nothing, redirect to the new login page" – gives away the hidden URL?’ is closed to new replies.