hce

To prevent /login, /admin, /wp-register.php, and /wp-signup.php from revealing the custom login url I did as @bonham suggested and added them to line 592 in lockdown-wp-admin.php. So this is what I have:

if ( $super_base == ‘wp-login.php’ || $super_base == ‘login’ || $super_base == ‘admin’ || $super_base == ‘wp-register.php’ || $super_base == ‘wp-signup.php’ )

and it now returns a 404 for those pages.

I tried adding /wp-admin/async-upload.php to that but it didn’t work. Any suggestions on how to prevent /wp-admin/async-upload.php from revealing the custom login url?

Also, I have the multiple tlds for my domain.

Example: mydomain.com, my domain.net, mydomain.org, mydomain.biz, etc…

My main website is mydomain.ORG. But I have the .net, .com, .biz, etc. redirecting to mydomain.org. I have the redirects set up so that if you go to mydomain.COM/contact it redirects you to mydomain.ORG/contact.

Using your plugin, when I go to mydomain.ORG/wp-login.php I get the 404 page. But when I go to mydomain.COM/wp-login.php it redirects to mydomain.org/wp-login.php and shows the login form.

How can I prevent this and get it to show the 404 instead?

Thanks!

Another suggestion:

Fix the security breach with the logout url.

The hide backend doesn’t appear to be effective as when you enable it, but then go to example.com/wp-login.php?action=logout it brings you to a page that asks you if you want to log out and if you click on “log out” it brings you to the login page that reveals your secret key. So in effect, it does not hide your backend because anyone can find your backend just by going to the standard logout url.

This is happening to me too. When I go to mydomain.com/login it redirects me to the custom login url I created. Also, initially I created the custom url mydomain.com/admin to login at. The I changed it to mydomain.com/something else. But when I go to /admin now it redirects to /wp-admin.

Please advise.

I too am receiving the same error. The first time I tried to generate a backup the error message pointed to line 113 on process.php. The second time I tried to generate a backup the error message pointed to line 714 on process.php.

If anyone can come up with a fix, please post it!

Thanks!

You’ll find the login screen on whatever url you tell the plugin to put it on. This plugin allows you to change /wp-admin to whatever you want.

Yes, there is an apparent conflict between the “Better WP Security” (http://wordpress.org/extend/plugins/better-wp-security/) plugin and the “All-in-One-Calendar” (http://wordpress.org/extend/plugins/all-in-one-event-calendar/) plugin. Anyone been able to find a resolve?

When I go to /wp-admin/ I get this error message at the bottom of the 404:

Fatal error: Call to undefined function get_current_screen() in /home/user/public_html/wp-includes/admin-bar.php on line 426

What is causing that error?