Title: WordPress redirect bypasses plugin
Last modified: August 21, 2016

---

# WordPress redirect bypasses plugin

 *  Resolved [mwarbinek](https://wordpress.org/support/users/mwarbinek/)
 * (@mwarbinek)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/wordpress-redirect-bypasses-plugin/)
 * I really feel like a guinea pig in all this. I found another hack to your plugin.
 * A new hack I found is when someone types a URL as follows:
 * “http://(sitename.com)/WordPress/wp-admin/edit-comments.php”,
 * they are redirected to the login page showing the renamed login. I tried a few
   others, some worked the same way (redirected to the login), others failed.
 * I noticed the recent hack attempt to my site because my security sends a
   warning email to me for every login page access. This email showed a blank referral.
   Normally, the referral would show the URL the person used to access the login
   page, but it was blank.
 * I had no idea how a hacker was accessing the login page, bypassing your plugin
   and giving a blank referral.
 * Then today, it so happened that I was replying to a visitor to my site, a comment
   he made and my security plugin sent me an email when I accessed comment page 
   via my dashboard, yet at that time, I was not redirected. But, when I used the
   URL directly into my browser, WordPress redirected me to my login. Voilà, I got
   the warning email and the referral was blank.
 * With some research, I found that WordPress designed the blog software to redirect
   incomplete URLs and other non-related URLs. I tried some mods to php files 
   to stop the redirect and all failed to stop the redirect to the login page.
 * Any suggestions?
 * [https://wordpress.org/plugins/rename-wp-login/](https://wordpress.org/plugins/rename-wp-login/)

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Thread Starter [mwarbinek](https://wordpress.org/support/users/mwarbinek/)
 * (@mwarbinek)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/wordpress-redirect-bypasses-plugin/#post-4623388)
 * Does anyone have an answer to this issue?
 * I am still getting hackers to my login page with this problem.
 *  Thread Starter [mwarbinek](https://wordpress.org/support/users/mwarbinek/)
 * (@mwarbinek)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/wordpress-redirect-bypasses-plugin/#post-4623389)
 * Here again is the problem.
 * When a hacker types in the URL like this:
    **“http://(sitename.com)/WordPress/wp-admin/edit-comments.php”,**
 * WordPress redirects him to my login page and the URL redirect looks like this:
   **“http://(sitename.com)/(my renamed login name)/?redirect_to=http%3A%2F%2F(sitename.com)%2FWordPress%2Fwp-admin%2Fedit-comments.php&reauth=1”**
 * It appears to resolve this, maybe change the redirect URL to somewhere else or
   change the “reauth=1” to another authorization code number so the hacker does
   not get the login page?
 * Anyone have ideas?
    (PS I am not fully versed in PHP so this is why I am asking
   here)
 *  Plugin Author [Ella Van Durpe](https://wordpress.org/support/users/ellatrix/)
 * (@ellatrix)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/wordpress-redirect-bypasses-plugin/#post-4623393)
 * I tried several websites and I can’t reproduce this. What other plugins do you
   have installed? Which other setting do you think might be causing this? Any special
   comment settings or website configuration?
 *  Thread Starter [mwarbinek](https://wordpress.org/support/users/mwarbinek/)
 * (@mwarbinek)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/wordpress-redirect-bypasses-plugin/#post-4623403)
 * Ok, you’re right. I should have thought of that before posting.
 * The plugin that conflicts with your “rename login” is:
 * > “WPtouch Mobile Plugin”
 * Sad, because that plugin allows people to view my blog from a cell phone.
 * Oh well, I will let them know and in the meantime find something else to use.
 * Now that I deactivated the “WPtouch Mobile Plugin” I get an error page that says
   I have to be logged into admin to access that php file. That is good. No more
   redirects to my login page.
 * Of course, I will keep you up to date on new hack attempts, after all I am the
   official guinea pig now.
 * 🙂
 * Mark
 * Thanks
 *  Plugin Author [Ella Van Durpe](https://wordpress.org/support/users/ellatrix/)
 * (@ellatrix)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/wordpress-redirect-bypasses-plugin/#post-4623404)
 * Well, I appreciate your help with detecting these things. Just address the issue
   on their forum, that’s weird behaviour for a mobile plugin.
 *  Thread Starter [mwarbinek](https://wordpress.org/support/users/mwarbinek/)
 * (@mwarbinek)
 * [12 years, 3 months ago](https://wordpress.org/support/topic/wordpress-redirect-bypasses-plugin/#post-4623405)
 * Welcome, that is what a guinea pig is for 🙂
 * I just finished posting in their help forum for that plugin.
 * Thanks
    Mark
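
The behaviour discussed in this thread can be checked by a site owner from the responses their own site gives to logged-out requests for `wp-admin` pages. The following is an added example, not code from the thread or from the Rename wp-login.php plugin; the host `example.test`, the slug `my-secret-login`, the status codes and the sample responses are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs, unquote

REDIRECTS = {301, 302, 303, 307, 308}


def classify(status, location, login_slug):
    """Return (verdict, redirect_to) for one logged-out wp-admin response.

    "leak"     - redirect whose path contains the renamed login slug
    "redirect" - redirect elsewhere (slug not exposed)
    "blocked"  - no redirect at all (e.g. an error page)
    """
    if status not in REDIRECTS or not location:
        return ("blocked", None)
    parts = urlsplit(location)
    segments = [unquote(s).lower() for s in parts.path.split("/") if s]
    # parse_qs percent-decodes, so redirect_to comes back as a plain URL
    redirect_to = parse_qs(parts.query).get("redirect_to", [None])[0]
    if login_slug.strip("/").lower() in segments:
        return ("leak", redirect_to)
    return ("redirect", redirect_to)


def audit(responses, login_slug):
    """responses maps requested path -> (status, Location header or None)."""
    return {path: classify(status, loc, login_slug)[0]
            for path, (status, loc) in responses.items()}


# Constructed sample data: what a logged-out request to each path returned.
SLUG = "my-secret-login"
SAMPLE = {
    "/WordPress/wp-admin/edit-comments.php": (
        302,
        "http://example.test/my-secret-login/?redirect_to="
        "http%3A%2F%2Fexample.test%2FWordPress%2Fwp-admin%2Fedit-comments.php"
        "&reauth=1",
    ),
    "/WordPress/wp-admin/options.php": (403, None),
    "/WordPress/wp-admin/index.php": (302, "http://example.test/"),
}

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE, SLUG).items():
        print(f"{verdict:8} {path}")
```

Any path reported as `leak` after a plugin or theme change points to a conflict like the one identified in this thread.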

 * 6 replies
 * 2 participants
 * Last reply from: [mwarbinek](https://wordpress.org/support/users/mwarbinek/)
 * Last activity: [12 years, 3 months ago](https://wordpress.org/support/topic/wordpress-redirect-bypasses-plugin/#post-4623405)
 * Status: resolved