Title: wp-register.php exposes login URL
Last modified: December 23, 2017

---

# wp-register.php exposes login URL

 *  Resolved [toshiamcbrowns](https://wordpress.org/support/users/toshiamcbrowns/)
 * (@toshiamcbrowns)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/security-bug-9/)
 * Hi,
 * When we open wp-register.php in browser it redirects to wp-login page and reveals
   secret URL as well.
 * This is absolutely necessary to fix this else this plugin is useless for security.
 * Please help.

Viewing 11 replies - 1 through 11 (of 11 total)

 *  [Pala4833](https://wordpress.org/support/users/pala4833/)
 * (@pala4833)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/security-bug-9/#post-9804669)
 * You should try that with an incognito window. I bet it’s just your browser autofilling.
 *  Thread Starter [toshiamcbrowns](https://wordpress.org/support/users/toshiamcbrowns/)
 * (@toshiamcbrowns)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/security-bug-9/#post-9805338)
 * No its not browser problem..problem is with script..tried different browsers 
   as well.
 * Other users have also reported this..check old support threads..
 *  [lechon](https://wordpress.org/support/users/lechon/)
 * (@lechon)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/security-bug-9/#post-9808391)
 * It’s true, I can confirm this, it does give away the secret URL by means of wp-
   register.php
    I tested under different browsers (all cache clear)
 *  [sum28](https://wordpress.org/support/users/sum28/)
 * (@sum28)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/security-bug-9/#post-9826485)
 * I am also facing the same problem. The author should fix it, the secret URL gets
   exposed by wp-register.php
 *  [k-Dushi](https://wordpress.org/support/users/kadushi-marketing/)
 * (@kadushi-marketing)
 * [8 years, 4 months ago](https://wordpress.org/support/topic/security-bug-9/#post-9894594)
 * I’m waiting for an update to fix this.
 *  [Pat K](https://wordpress.org/support/users/blackcapdesign/)
 * (@blackcapdesign)
 * [8 years, 4 months ago](https://wordpress.org/support/topic/security-bug-9/#post-9915194)
 * If you’re not able or willing to wait for the developers to implement a fix for
   this problem, the following will work as a temporary (or permanent) fix:
    1) 
   install Redirection plugin ([https://en-ca.wordpress.org/plugins/redirection/](https://en-ca.wordpress.org/plugins/redirection/))
   2) create a redirect Source URL: /wp-admin/wp-register.php Target URL: index.
   php
 * Bit of a pain, but I tested it and it works.
 *  [Pat K](https://wordpress.org/support/users/blackcapdesign/)
 * (@blackcapdesign)
 * [8 years, 4 months ago](https://wordpress.org/support/topic/security-bug-9/#post-9915243)
 * Follow-up regarding Redirection: for the target URL you might have to specify
   the FULL path to your Home page (e.g. [https://www.sitename.com/index.php](https://www.sitename.com/index.php))
   or the full path to wherever you want to direct the “visitor”.
 *  Plugin Author [NicolasKulka](https://wordpress.org/support/users/nicolaskulka/)
 * (@nicolaskulka)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/security-bug-9/#post-9966038)
 * I also constant the problem, I will find a fix.
 *  Plugin Author [NicolasKulka](https://wordpress.org/support/users/nicolaskulka/)
 * (@nicolaskulka)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/security-bug-9/#post-9968716)
 * You have to give the right url.
 * example: /login?action=register or /login?action=lostpassword
 *  [swissspaceboy](https://wordpress.org/support/users/swissspaceboy/)
 * (@swissspaceboy)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/security-bug-9/#post-10165880)
 * A fix for this ? I got hit by a vietnamese hacker. Don’t know how he found he
   secret URL…
    -  This reply was modified 8 years, 1 month ago by [swissspaceboy](https://wordpress.org/support/users/swissspaceboy/).
 *  Plugin Author [NicolasKulka](https://wordpress.org/support/users/nicolaskulka/)
 * (@nicolaskulka)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/security-bug-9/#post-10174194)
 * * Fix : redirect wp-register.php
 * Version 1.3

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘wp-register.php exposes login URL’ is closed to new replies.

 * ![](https://ps.w.org/wps-hide-login/assets/icon-256x256.png?rev=1820667)
 * [WPS Hide Login](https://wordpress.org/plugins/wps-hide-login/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wps-hide-login/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wps-hide-login/)
 * [Active Topics](https://wordpress.org/support/plugin/wps-hide-login/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wps-hide-login/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wps-hide-login/reviews/)

 * 11 replies
 * 8 participants
 * Last reply from: [NicolasKulka](https://wordpress.org/support/users/nicolaskulka/)
 * Last activity: [8 years, 1 month ago](https://wordpress.org/support/topic/security-bug-9/#post-10174194)
 * Status: resolved