WordPress.org

Support

Support » Plugins and Hacks » [Plugin: Better WP Security] Some Issue with – Hide Backend Options

[Plugin: Better WP Security] Some Issue with – Hide Backend Options

  • anindyaray
    Member

    @anindyaray

    I am using this plugin , and very much satisfied …
    thanks for this nice and helpful plugin .

    There is an issue I am facing with the Hide Backend Options.

    I have activated this option , and updated the wp-login.php redirect related plugin {DW Members Only plugin} as mentioned on that option page like $siteurl = get_bloginfo('url') . "/wp-login.php/?[thekey]&"

    but none of these pages , namely, wp-login.php , wp-login.php?action=register , wp-admin displays as login, register and admin respectively , instead they are displayed as

    http://www.mysite.com/wp-login.php/?[the key]&
    http://www.mysite.com/wp-login.php?[the key]&action=register
    http://www.mysite.com/wp-admin/?[the key]

    what needs to be done so that these login page, register page and admin page is displayed as

    http://www.mysite.com/login
    http://www.mysite.com/register
    http://www.mysite.com/admin

    http://wordpress.org/extend/plugins/better-wp-security/

Viewing 4 replies - 1 through 4 (of 4 total)
  • B_Dark
    Participant

    @b_dark

    m2 to, any solution?! how i update the wp-login.php?!

    B_Dark
    Participant

    @b_dark

    Any news??

    From how I understand the ‘Hide Backend Options’ feature it works like this:
    any request that goes to wp-login.php without the security key attached will be redirected to the ‘not found’ page. This is in order to shut out any malicious requests/attacks that target the login mechanism.
    Note that it does NOT redirect requests to wp-login.php to http://www.mysite.com/login (or whatever slug you chose). This would defeat its purpose (hide the login page).

    Any custom link that points to the login page and wants to use wp-login.php has to either add the security key OR point to the ‘login’ slug.

    Not sure why the plugin recommendeds to add the security key since it seems more convenient to just point to the login slug.

    If you point the login link in {DW Members Only plugin} to the login slug (http://www.mysite.com/login) it should work. However, it will then redirect to wp-login.php?[key] and this is what is displayed in the browser bar.

    The protection here is only to deter automated attacks that are scripted assuming a standard wordpress layout.

    livepulse
    Participant

    @livepulse

    This was a bug since 2.16. It is still broken for me on 2.18…

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Plugin: Better WP Security] Some Issue with – Hide Backend Options’ is closed to new replies.