Support » Plugin: Stealth Login Page » Multisite desgn

  • First, props for continued development on your plugin.

    I have a suggestion for handling activation on a WP network. I think if the plugin is network activated, then the settings for the plugin should appear on the network settings menu, not on the settings menu for each site. This would enable network-wide management of the plugin. In a perfectly customizable world, there could be a configuration option when the plugin is network activated to also give site admins the ability to customize/override the network settings, where those settings would appear on the site settings menu, but I’d have this turned off by default. However, if that configuration option didn’t exist, then there would be no settings on the site admin menus and use of your plugin when network activated would be limited to super admins.

    In my experience, most WP network operators opt for network-wide activation when they want centralized management of options. In most instances, if a plugin is network activated, they don’t want settings on the site admin menu.

    A lot of security plugins (such as the login limiters you mention) follow your approach to settings, and I think that’s less than ideal and makes adoption/management on a network harder.

    http://wordpress.org/extend/plugins/stealth-login-page/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Contributor Jesse Petersen

    (@peterdog)

    Thank you for the feedback. I have figured out how to do that. It will go in 4.0 unless it’s so critical at this point to not wait for my extensible 4.0 release. 4.0 will allow me to create a 3rd-party marketplace like EDD and RCP Pro and I’ll be releasing a 100% blocker as a premium add-on.

    Can you hold off 2-3 weeks?

    Thanks for the follow up. Of course, I’ll wait. FYI, happy to spend $ provided it is network compatible (my only interest, actually), and consistent with the approach I outlined in my original post.

    Since you’re a Genesis guy (as am I), I haven’t even thought about how your plugin might interact with the shortcode such as footer_loginout.

    We run a managed WP hosting environment on nginx, so we could redirect any calls to wp-login.php without parameters to a page on our site with a very long cache life (which could be served via nginx without ever loading PHP). That would save server load as well as keep attackers away from our login page.

    Plugin Contributor Jesse Petersen

    (@peterdog)

    WP Engine has some hidden nginx scripts that do a portion of what my plugin does. I was working closely with them to resolve multi-site issues to clear their tickets when they pushed out the script. I can’t share the gist because it’s private, but there are 2 scripts.

    I disabled the Logout and Lost Password URL filtering because it was causing unintended consequences with ecommerce and membership plugins that also filter the URLs. That means that those who don’t have those installed have issues, but if you need to reset your password or need to logout, well, you just get redirected and go back to the secret URL unless you disable the plugin.

    Plugin Contributor Jesse Petersen

    (@peterdog)

    4.0 update – I’ve been preparing for WP 3.6 and Genesis 2.0 in a lot of fronts, so this will be a little late to the party. If you don’t want to be bothered with the Heartbeat API requiring re-login and redirecting in the process, hold off on 3.6 just a while.

    Andrew Nacin has pointed me in the direction I need to go to filter out those logins.

    Plugin Contributor Jesse Petersen

    (@peterdog)

    4.0.0 is out today. It still uses the wp-config.php option because I had a typo that I had found out how when that statement is missing a “not” in there.

    The trick is that IF this is multisite, then the menu item is one place, else another.

    I do have a function for MS:
    if (function_exists('is_multisite') && is_multisite()) {
    so I could put the menu functions there, but I’d have to test it on a number of configurations before I release that.

    Thanks for the follow up.

    If you want to test unreleased code on multisite, happy to help. I can create a site on our 3.7a network and give you admin credentials. Has DEBUG on and several debug-friendly plugins. Can’t give super admin, though, and you’d have to email code or provide a link, because we only do updates via SSH, not via dashboard. If interested, I follow you on Twitter as wpperform, so you can follow me and DM whatever info you want.

    Plugin Contributor Jesse Petersen

    (@peterdog)

    Sent you a DM.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Multisite desgn’ is closed to new replies.