Hide Login+
hide-login has url vulnerability/hack (6 posts)

  1. elanio
    Posted 3 years ago #

    I am using this plugin which is pretty nifty. I did notice however, that there is a slight vulnerability in the URL that can allow someone to bypass it if they get a part of the URL correct.

    For example.

    http://www.example.com/login is what I have it set to.

    if I were to put this:
    'www.example.com/loginnowbecauseisayso' I would be able to get in. This URL regex schema is not 100%


  2. esmi
    Forum Moderator
    Posted 3 years ago #

    So not a security issue, per se, but more of a "this plugin doesn't hide the login 100%", yes?

  3. elanio
    Posted 3 years ago #

    Sure, you could look at it that way. I say security/hack because if someone has a really plain login scheme:

    one would simply find it. But to what you said, yea, it does not hide it 100%.

  4. esmi
    Forum Moderator
    Posted 3 years ago #

    Sorry for the semantics. I'm not associated with the plugin in any way but we take report of plugins (say) exposing XSS-scripting holes very seriously and try to act quickly to remove such plugins and notify the authors. In this case it's more that the plugin isn't doing its job properly - which, I agree, is an issue for the plugin's author & users but has no practical impact on WordPress security in general.

    As I've now effectively de-railed your topic, I will happily close this one if you want to post a fresh topic for the plugin author's attention. But I'd be grateful if you would keep words like "hack" and "vulnerability" out of the topic's subject. Otherwise, another forum mod like myself might become concerned and start checking all over again.

    Your call..

  5. elanio
    Posted 3 years ago #

    Touche, and dully noted. The Dude abides :)

  6. parswp
    Plugin Author

    Posted 3 years ago #

    Please check new version. every thing should work fine.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Hide Login+
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic