EASY Bypass of plugin – | WordPress.org

Resolved david
(@dskirk)

12 years, 4 months ago

Hello,
I posted a week or so ago about someone bypassing the plugin and we discussed a bit and decided to wait for more info. I read the recent post of Mark about using dummy wp-login.php files…. but I also noticed something in my website’s logs that triggered a test…

1. take any URL from a site using the plugin
2. append it with //wp-login.php (that’s TWO slash marks)
3. and you’re brought to the login page.

Mark’s fix does not address this. I tested on a couple of my sites and it was consistent. I hope this can be fixed quickly as that seems to be how hackers are still able to locate my site. Thanks,
david

http://wordpress.org/plugins/rename-wp-login/

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Author Ella Van Durpe
(@ellatrix)

12 years, 4 months ago

You’re right. Thanks for reporting this. I’ll see if I can fix this immediately.
I’m sorry in the meantime…

Plugin Author Ella Van Durpe
(@ellatrix)

12 years, 4 months ago

Should be fixed in 2.2! 🙂 See the other post you replied to.

Thread Starter david
(@dskirk)

12 years, 4 months ago

I appreciate what you’re doing. This plugin is the only one that gives real login security and I admire that you respond so promptly to support questions. Thank you.
david

Thread Starter david
(@dskirk)

12 years, 4 months ago

It WORKS!!!!! I updated my two sites and all is well. Thank you, thank you, thank you. Just terrific support. Regards,
david

Plugin Author Ella Van Durpe
(@ellatrix)

12 years, 4 months ago

Haha. 🙂

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘EASY Bypass of plugin –’ is closed to new replies.

5 replies
2 participants
Last reply from: Ella Van Durpe
Last activity: 12 years, 4 months ago
Status: resolved