iThemes Security (formerly Better WP Security)
[Plugin: Better WP Security] Some Issue with - Hide Backend Options (5 posts)

  1. anindyaray
    Posted 4 years ago #

    I am using this plugin, and am very much satisfied ...
    Thanks for this nice and helpful plugin.

    There is an issue I am facing with the Hide Backend Options.

    I have activated this option, and updated the wp-login.php redirect related plugin {DW Members Only plugin} as mentioned on that option page like $siteurl = get_bloginfo('url') . "/wp-login.php/?[thekey]&"

    but none of these pages, namely wp-login.php, wp-login.php?action=register, wp-admin, displays as login, register and admin respectively; instead they are displayed as

    http://www.mysite.com/wp-login.php/?[the key]&
    http://www.mysite.com/wp-login.php?[the key]&action=register
    http://www.mysite.com/wp-admin/?[the key]

    What needs to be done so that these login page, register page and admin page are displayed as



  2. B_Dark
    Posted 4 years ago #

    Me too, any solution?! How do I update the wp-login.php?!

  3. B_Dark
    Posted 4 years ago #

    Any news??

  4. mistaecko
    Posted 4 years ago #

    From how I understand the 'Hide Backend Options' feature it works like this:
    any request that goes to wp-login.php without the security key attached will be redirected to the 'not found' page. This is in order to shut out any malicious requests/attacks that target the login mechanism.
    Note that it does NOT redirect requests to wp-login.php to http://www.mysite.com/login (or whatever slug you chose). This would defeat its purpose (hide the login page).

    Any custom link that points to the login page and wants to use wp-login.php has to either add the security key OR point to the 'login' slug.

    Not sure why the plugin recommends adding the security key, since it seems more convenient to just point to the login slug.

    If you point the login link in {DW Members Only plugin} to the login slug (http://www.mysite.com/login) it should work. However, it will then redirect to wp-login.php?[key] and this is what is displayed in the browser bar.

    The protection here is only to deter automated attacks that are scripted assuming a standard WordPress layout.
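
The request handling described in the post above, modelled as an added PHP example; it is not the plugin's code and not part of the thread. The key value `examplekey123`, the `/login` slug, the `gate()` function and its outcome labels are assumptions made for illustration.

```php
<?php
// Stand-alone model of the behaviour described in the post above.
// Not the plugin's code: the key and slug are constructed placeholders.
const SECRET_KEY = 'examplekey123';   // stands in for "[the key]"
const LOGIN_SLUG = '/login';          // slug chosen on the options page

// Returns [outcome, redirect target or null] for one request URL.
function gate(string $url): array
{
    $path = parse_url($url, PHP_URL_PATH);
    $path = is_string($path) ? rtrim($path, '/') : '';
    $query = parse_url($url, PHP_URL_QUERY);
    parse_str(is_string($query) ? $query : '', $params);
    $hasKey = array_key_exists(SECRET_KEY, $params);

    // The public slug forwards to wp-login.php with the key attached,
    // which is why the key URL is what ends up in the browser bar.
    if ($path === LOGIN_SLUG) {
        return ['redirect', '/wp-login.php?' . SECRET_KEY];
    }
    // Backend URLs without the key go to the 'not found' page.
    // wp-admin is modelled too because the first post shows it carrying the key.
    $backend = $path === '/wp-login.php' || $path === '/wp-admin'
        || strpos($path, '/wp-admin/') === 0;
    if ($backend) {
        return $hasKey ? ['served', null] : ['not-found', null];
    }
    return ['served', null];
}

// Constructed sample requests covering the URLs mentioned in the thread.
$samples = [
    'http://www.mysite.com/wp-login.php',
    'http://www.mysite.com/wp-login.php?action=register',
    'http://www.mysite.com/login',
    'http://www.mysite.com/wp-login.php/?examplekey123&',
    'http://www.mysite.com/wp-login.php?examplekey123&action=register',
    'http://www.mysite.com/wp-admin/',
    'http://www.mysite.com/wp-admin/?examplekey123',
];
foreach ($samples as $url) {
    [$outcome, $target] = gate($url);
    printf("%-68s %s%s\n", $url, $outcome, $target ? " -> $target" : '');
}
```

Run with `php` on the command line; the two keyless wp-login.php requests and the keyless wp-admin request come back `not-found`, while the slug request is the only keyless one that reaches the login page.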

  5. livepulse
    Posted 3 years ago #

    This was a bug since 2.16. It is still broken for me on 2.18...

Topic Closed

This topic has been closed to new replies.
