Hi, I have never used Wishlist member plugin before. Did you speak to the Wishlist member plugin developers about this issue?
Thread Starter
JJ
(@jdagan)
Hi @mbrsolution. Thanks for your help.
I don’t think it is related to to Wishlist Member.
The problem arise from that there are WordPress users who shouldn’t know about the secret admin login URL.
I just checked the code for the login-in widget I’m using and it seems that the POST is also exposing the secret URL.
I think it turn into a wider question. How do you distinguish regular users from admin? The regular users shouldn’t know about the secret admin login URL.
Can I use one login URL (and Password reset URL) for regular users and another URL for admins?
Thanks.
The problem is related to having users login in as members of your site “Not related to your membership plugin”. If they need to recover the password then the secret word will always be displayed. That is why I always encourage people to use a membership plugin if they are going to use the rename login Brute Force feature in the security plugin and they have members login in.
Let me know if you understand what I mean.
Regards
Thread Starter
JJ
(@jdagan)
@mbrsolution Now I understand.
I will go to the membership plugin support and ask there for a solution.
I Appreciate your help.
You are most welcome. Let me know how you go.
Regards
Secret Url revealed after Max Login Attempts
For example: http://www.yoursite.com/yourcustom wp login: monkey
When a user fails, this secret Url is reveled. I think that is it a problem :/
So please, configure your plugin to NOT show this secret login url.
Other think, this message is very short:
ERROR: Access from your IP address has been blocked for security reasons. Please contact the administrator.
Maybe:
ERROR: Access from your IP address has been blocked during 30 minutes for security reasons. Please contact the administrator to: youremail@email.com
(Here the Admin can put whatever email that he or she wants. Login Options / Email… you know)
-
This reply was modified 7 years, 3 months ago by livingflame.
(@livingflame), I have replied to your other thread.
Thank you