WordPress.org

Support

Support » Plugins and Hacks » Stealth Login Page » [Resolved] Why the change? 4.0

[Resolved] Why the change? 4.0

Viewing 15 replies - 1 through 15 (of 32 total)
  • Plugin Author Jesse Petersen

    @peterdog

    Because 90+% of the tickets on here have to do with some other plugin or some other feature like password-protected pages not knowing what to do with a login page that is no longer there. The primary function was to kill bot attacks and now that I have done this, I will have the option in v5 to give people the option.

    Let’s see which one works best for the masses and then let people choose.

    If you clear out that field, you will get your old settings back. You may want to use the variables in the wp-config.php method, though, so you can control your question, answer, and redirect there. (because it’s backwards compatible – and the notes said you didn’t have to change methods)

    Thanks for the answer Jesse.

    I guess it depends on the usage, but one of the best bits in our opinion was the missing login page.

    I would be happy to see the option to have it one way or the other.

    Is the last 3.x version still compatible with the current WP?

    Thanks for the great plugin in )

    Plugin Author Jesse Petersen

    @peterdog

    Let me see if I can work it into a 4.1.0 in the next 2 weeks for you and those who will miss it. I can assure you that it will be a major pain in the butt if you spend any time in the dashboard.

    WP 3.6+ (if you are on a bleeding edge version on any dev site, they’ve already pushed out 3.7-alpha due for release in October and 3.8 in December) has the Heartbeat API, which brings up a pop-up login form when you’ve had session inactivity. When that pops up, that form is pulled from wp-login.php, which is a redirect, so bye-bye from whatever you were just working on. Time to go back to your hidden login, log back in, and navigate back to where you were.

    It personally drove me nuts for 2 months knowing it was coming for everyone using the plugin (see download stats to see my anxiety).

    http://wpmu.org/wordpress-3-6-the-new-heartbeat-api/

    I did find a way to disable the Heartbeat API and forwarding of addresses like /login and /dashboard and /admin to various locations in the install, so perhaps those as options, also, would make for a comprehensive settings page.

    I’ve got 4 or 5 full-site projects backed up and a deadline on one today and another next Friday, so it’ll be at least 10 days. A few hefty contributions will aid in sitting down and re-coding those options. This was the result of 2 months of thinking and researching, 5 hours of re-coding the entire plugin for efficiency, and 5 hours of squashing the backward-compatibility issue for people who haven’t been to the Settings page yet.

    i also liked the prev version more

    Plugin Author Jesse Petersen

    @peterdog

    Your vote counts. 🙂

    I’ve already decided this morning to add the option on the settings page because I realized… it’s not a stealth login page now. I believe it will work better against bots, but I do need to re-hide it and let those (possibly few) people who have issues with redirects to use the new method.

    Please feel free to use 3.0.0, as it was working pretty good for at least 6-8 weeks without updates. You will be frustrated in WP 3.6 per above.

    Thanks Jesse.:) You work is much appreciated..

    Pop-up login!!! Ahhhhh ! No wonder you are frustrated.. IMO popup logins are a giant PITA.

    As I said we were really happy with V3.x and we will continue to use it as long as we can.

    Good luck with the new versions.

    G

    PS – Everyone – support your developers! 🙂

    I like the authorization code. It does solve other issues I’ve alluded too prior.

    Food for thought.
    I do think you should look at CAPTCHA which I “force” all of my client to install.

    With the new authorization code option, it seems to me your plugin and CAPTCHA might have sort of redundized each other?

    +++
    I see no donation option within your plugin options page- get that done now!
    +++

    I also very much liked the method utilized in version 3.0 because it didn’t load the page at all. We’re concerned about the security aspect, but more than anything the page requests were hurting our server performance.

    It would be great if people had the option to choose which method to use.

    Thanks again for the plugin. We love it.

    Jonathan

    Plugin Author Jesse Petersen

    @peterdog

    I am adding in the option to choose just as soon as I launch things with immediate deadlines. It will be the best of both worlds. To get that option back, just clear out the auth code field and it will revert to previous behavior or add the variables to wp-config.php:
    $slp_redirect = “item”;
    $slp_question = “item”;
    $slp_answer = “item”;

    Hack Repair Guy – I didn’t have time to put the link in the dashboard in case WP 3.6 dropped – the link is here on the repo under my developer name in the sidebar or https://www.petersenmediagroup.com/contribute/

    Hello Jesse,

    TBH, I don’t understand how the plugin can be useful with the lock code. It just adds a layer to the login process but doesn’t prevent bots from trying to brute force it, which was the initial purpose. So yeah, a choice to roll back to the previous behavior would be appreciated. 😉

    To get that option back, just clear out the auth code field and it will revert to previous behavior

    Can’t do that. When I try to save the settings with an empty box, it complains about the box being empty and won’t save. :/

    Plugin Author Jesse Petersen

    @peterdog

    Yes, I’m considering rolling out 4.0.1 today to fix that bit. 4.1.0 is underway but I have a strict deadline to do a site start to finish by Friday.

    If you have access to FTP, edit the settings-page.php fields by searching for “required” and deleting them. That will kill the complaining of empty fields. Just be sure you have the 3 fields filled in.

    Hi,

    I am also voting for the old “stealth” function to be added back.
    I was using your plugin to hide the login page as I noticed various brute force attacks were having a heavy impact on my website CPU/Memory.
    Hiding the login page stops those attacks and free up the CPU!

    By the way, I tried to remove the AUTH code from your plugin settings (4.0.0), thinking it would bring back the old feature, but it doesn’t let me save the settings if there is no auth code value.

    I’ll wait for your update 🙂

    Would like to say I also miss this feature!

    wp-login.php?question=answer — was very original! I’ve found no more plugins with such feature, that was the reason I used your plugin together with complex plugins, solving many security problems “all-in-one”, which have their own “not original” way to hide login page!

    Will be very glad to see it again!

    Thank you for your work!

    Just another vote for the old functionality, the new version doesn’t really achieve what I installed it for, so having the option to choose would be useful.

    Great plugin though, thanks!

    Plugin Author Jesse Petersen

    @peterdog

    Thank you. I’ve got a good portion of the code in place now – just launching sites to pay the bills and then I’ll make 4.1.0 something everyone will like.

    Bugsland, if you remove “required” from the input fields in the setings-page.php file, then the page should save with empty fields.

Viewing 15 replies - 1 through 15 (of 32 total)
  • The topic ‘[Resolved] Why the change? 4.0’ is closed to new replies.
Skip to toolbar