WordPress.org

Forums

Rename wp-login.php (unmaintained)
[resolved] Tiny critical error (10 posts)

  1. Tim Brugman
    Member
    Posted 1 year ago #

    Hi. I'm getting an undefined offset 1 at line 496 in rename-wp-login.php. Could you patch this? It requires an isset().

    Thanks!

    https://wordpress.org/plugins/rename-wp-login/

  2. Ella Iseulde Van Dorpe
    Member
    Plugin Author

    Posted 1 year ago #

    Which version of WordPress are you running? Could you var_dump( $GLOBALS['wp_version'] );? If you get this error it means it doesn't have a minor version number, which is weird...

  3. Tim Brugman
    Member
    Posted 1 year ago #

    That var outputs 3.8.1, but I'm also running a security plugin which might obscure the version number when obtained through a WP function.

  4. Ella Iseulde Van Dorpe
    Member
    Plugin Author

    Posted 1 year ago #

    It's not obtained through a function... Could you var_dump it just were the plugin is giving a notice? Sorry, I really need to know why there is unexpected output there. I'm also guessing that when you go to your login page, there's something wrong with the stylesheets? You're running rwl-login-3.9.php instead of rwl-login-3.8.php.
    I'd be really grateful if you could check, because this is pretty critical for future WP versions...

  5. Tim Brugman
    Member
    Posted 1 year ago #

    No problem. I can confirm the security plugin hides up the version when pre-printed from within the plugin. This is just me F5ing: http://i.imgur.com/X076sLX.png Could you make it work with a fake version number?

  6. Ella Iseulde Van Dorpe
    Member
    Plugin Author

    Posted 1 year ago #

    That's bad. No plugin should change that. Unfortunately this plugin requires 3.8 and uses different files based on the version. If your security plugin changes it to a version lower than 3, this plugin will not work at all because of

    if ( version_compare( $wp_version, '3.8', '<' ) ) {
    
    	return;
    
    }
  7. Tim Brugman
    Member
    Posted 1 year ago #

    It's a feature of Better WP Security (soon iThemes Security), they warn it might break plugins so I can't fault either of you but I value the vulnerability it patches.

    To make rename wp-login compatible I would check if there is a sub-version, if not, disregard the version and assume its running the latest WordPress.

  8. Ella Iseulde Van Dorpe
    Member
    Plugin Author

    Posted 1 year ago #

    Not easy to do. I added 3.9 compatibility before 3.9 gets released. So the latest version would be 3.9, but you're running 3.8. So I'd have to manually change the version on the date of the release or after (will cause breakage), or guess the date and time WordPress upgrades itself (impossible). All I can say it's a very bad idea to change the version number. A lot of things rely on it, even in core. If you want to hide the version, you should just make sure it's not revealed on the front-end. You should hide the generator tag and query strings attached to scripts.

  9. Ella Iseulde Van Dorpe
    Member
    Plugin Author

    Posted 1 year ago #

    I'll fix this problem, but by fixing it, it will be unusable if you change the version. I'll have to require a minor version number.

  10. Tim Brugman
    Member
    Posted 1 year ago #

    I see, I didn't think about the 3.9 part. For now I've disabled the security feature. Thanks for your very speedy help. :)

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Rename wp-login.php (unmaintained)
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic