Hi,
On November 23, 2023, Patchstack detected this security vulnerability in your plugin:
Hide Login Page <= 1.1.9
This is the security vulnerability that was discovered by Patchstack:
Bypass Vulnerability
This is the Patchstack link where you can check the security vulnerability report:
I ask you to kindly resolve this problem relating to the security of your Hide Login Page plugin as soon as possible, thank you.
I look forward to your response and thank you in advance for your support.
Good day. I installed the plugin “Hide login page and admin area of WordPress”.
6-7 hours have passed and I cannot get into the admin area, including via the link that was sent to my email.
I do not see my own address among the blocked IP addresses.
WordPress 6.4.3
Hello.
The plugin works, but contains a bug that blocks access to regular pages created by the user.
We use:
WordPress 6.3.2.
Plugin – Hide login page and admin area of WordPress
Author: Webcraftic. Version 1.1.9
Problem:
Activating the “Hide login page” option in the plugin blocks access not only to wp-login.php and wp-signup.php, BUT also to a regular page that has the URL – /login (page – /login).
How to avoid mistakenly blocking access to the URL /login?
When updating this plugin from 1.1.7 to 1.1.9 the plugin fails and breaks.
Had to roll back to 1.1.7
Notice this plugin is now locked due to “need of full review”
Hope this matter is resolved and that 1.1.9 can be fixed to correct whatever issue caused the login redirects to stop working and revert back to wp-login
Hi,
We just tested updating to the latest version and get this error below:
Got error ‘PHP message: PHP Fatal error: Uncaught Error: Call to undefined function is_user_logged_in() in /public_html/wp-content/plugins/hide-login-page/includes/classes/class.configurate-hide-login-page.php:248
Can you please correct this, thanks
Hi, if I select redirect to and enter my link, it always gives me a 404
thanks
My website login page shows this message:
Warning: Undefined variable $user_login in /public_html/wp-login.php on line 1512
Warning: Undefined variable $error in /public_html/wp-login.php on line 1534
WordPress is updated to v 6.2.2
Hi dear,
I’m Thomas from WP Umbrella.
We’ve detected an incompatibility with your plugin and haven’t found any filters available to us to graft and make us compatible with you.
To do this, we’d have to intervene in the same place as you do with Itheme:
/**
 * The method checks the compatibility of the plugin with php and wordpress version.
 *
 * @since 4.1.1
 * @return bool
 */
public function check() {
    // Fix for ithemes sync. When the ithemes sync plugin accepts the request, set the WP_ADMIN constant,
    // after which the plugin Clearfy begins to create errors, and how the logic of its work is broken.
    // Solution to simply terminate the plugin if there is a request from ithemes sync
    // --------------------------------------
    if ( defined( 'DOING_AJAX' ) && DOING_AJAX && isset( $_REQUEST['action'] ) && $_REQUEST['action'] == 'ithemes_sync_request' ) {
        return false;
    }
    if ( isset( $_GET['ithemes-sync-request'] ) && ! empty( $_GET['ithemes-sync-request'] ) ) {
        return false;
    }
    // ----------------------------------------
    if ( ! $this->check_php_compat() || ! $this->check_wp_compat() || $this->plugin_already_activate ) {
        return false;
    }
    return true;
}
Thanks for your help
Gmulti
Your plugin conflicts with the plugin Simple Cloudflare Turnstile — The new user-friendly alternative to CAPTCHA ((
I use Simple Cloudflare Turnstile — The new user-friendly alternative to CAPTCHA, and the WooCommerce Reset Password page doesn’t work (
Fix please! Your plugin is the best
Hello
I tried to download your plugin from the WordPress search plugin list page, but this download failed.
Is this temporary or has the plugin maintenance stopped? Or does it already conflict with other security plugins perhaps while downloading it?
We have this warning with the last version 1.1.6.
[186569] [162.158.62.137:15586:HTTP2-805#wordpress] [STDERR] PHP Warning: Undefined array key “path” in /var/www/html/wp-content/plugins/hide-login-page/includes/classes/class.configurate-hide-login-page.php on line 128
I have received an email:
Hi!
As of WordPress 5.2, there is a built-in feature that detects when a plugin or theme is responsible for an error on your site and notifies you through this automated email.
In this case, WordPress has found an error in one of your plugins, Webcraftic Hide login page.
…
Details of error
================
An error of type E_PARSE occurred in line 464 in the file /home/www/ronnespejder.dk/wp-content/plugins/hide-login-page/libs/factory/templates/pages/templates/impressive/class-page-template- impressive.php. Error message: syntax error, unexpected ‘>’
What shall I do?
After a few months of use, this plugin got me a 404 error on one website (although I use this plugin on many other sites, and the other plugins are the same for all sites).
Hi.
I receive requests from hackers:
2022-06-22 08:39:58 Warning 193.233.191.133 mod_fcgid: stderr: PHP Warning: Undefined array key “path” in /wp-content/plugins/hide-login-page/includes/classes/class.configurate-hide-login-page.php on line 123, referer: https://www.google.com Ошибки Apache
2022-06-22 08:39:58 Warning 193.233.191.133 mod_fcgid: stderr: PHP Warning: Undefined array key “path” in /wp-content/plugins/hide-login-page/includes/classes/class.configurate-hide-login-page.php on line 128, referer: https://www.google.com Ошибки Apache`
Please see if there is a vulnerability in this file?
Thanks
Since the new 1.1.5 update all my websites are blocked, how can I download version 1.1.4
We use this across a multitude of sites. None of them are allowing login when updated to 1.1.5, especially when using softaculous or MainWP to login. It throws a critical error.
As well, our customers who use Give WP, it blocks it from working and throws a critical error when submitting payments.
Had to downgrade all sites to 1.1.4 and block further updates.
The previous version and the new one generate a fatal error when visiting the admin url from within private browsing: https://www.domain.com/wp-admin
An error page is presented in the frontend and the debug.log
says:
[22-Mar-2022 10:08:41 UTC] PHP Fatal error: Uncaught Error: Call to undefined function get_current_screen() in \wp-includes\script-loader.php:2356
Stack trace:
#0 \wp-includes\class-wp-hook.php(307): wp_global_styles_render_svg_filters('')
#1 \wp-includes\class-wp-hook.php(331): WP_Hook->apply_filters(NULL, Array)
#2 \wp-includes\plugin.php(474): WP_Hook->do_action(Array)
#3 \wp-includes\general-template.php(3074): do_action('wp_body_open')
#4 \wp-content\themes\flatsome\header.php(16): wp_body_open()
#5 \wp-includes\template.php(770): require_once('D:\\domains\\www....')
#6 \wp-includes\template.php(716): load_template('D:\\domains\\www....', true, Array)
#7 \wp-includes\general-template.php(48): locate_template(Array, true, true, Array)
#8 \wp-content\themes\flatsome\404.php(10): get_header()
#9 \wp-includes\template.php(772): require('D:\\domains\\www....')
#10 \wp-includes\template.php(716): load_template('D:\\domains\\www....', false, Array)
#11 \wp-includes\general-template.php(204): locate_template(Array, true, false, Array)
#12 \wp-content\plugins\hide-login-page\libs\factory\templates\includes\class-helpers.php(79): get_template_part(404)
#13 \wp-content\plugins\hide-login-page\includes\classes\class.configurate-hide-login-page.php(226): WBCR\Factory_Templates_106\Helpers::setError404()
#14 \wp-content\plugins\hide-login-page\includes\classes\class.configurate-hide-login-page.php(153): WHLP_ConfigHideLoginPage->setAccessError()
#15 \wp-includes\class-wp-hook.php(307): WHLP_ConfigHideLoginPage->wpLoaded('')
#16 \wp-includes\class-wp-hook.php(331): WP_Hook->apply_filters(NULL, Array)
#17 \wp-includes\plugin.php(474): WP_Hook->do_action(Array)
#18 \wp-settings.php(609): do_action('wp_loaded')
#19 \wp-config.php(144): require_once('D:\\domains\\www....')
#20 \wp-load.php(50): require_once('D:\\domains\\www....')
#21 \wp-admin\admin.php(34): require_once('D:\\domains\\www....')
#22 \wp-admin\index.php(10): require_once('D:\\domains\\www....')
The workaround that’s working for me is:
\plugins\hide-login-page\libs\factory\templates\includes\class-helpers.php
line ~77
if( $wp_query && is_object($wp_query) ) {
    $wp_query->set_404();
    #alx359-->
    #get_template_part(404);
    header('Location: /');
    die();
    #<--alx359
} else {
    global $pagenow;
HTH.
Thanks.
I have set up these in my wp-config.php
define( 'WP_SITEURL', 'https://api.mydomain.com' );
define( 'WP_HOME', 'https://www.mydomain.com' );
When the plugin is active the login form posts at the WP_HOME url instead of the WP_SITEURL, thus I cannot login.
I have received an error message from WP:
`From WordPress 5.2, there is a built-in feature that detects when a plugin or theme is to blame for a bug on your site, and notifies you through this automated email.
In this case, WordPress has found an error in one of your plugins, Webcraftic Hide login page.
First of all, visit your website and see if there are any visible problems. Next, visit the page where the error was found (…/wp-admin/export.php) and see if there are any visible problems.
Contact your host for help investigating this issue further.
If your page appears to be broken and you do not have access to your control panel as usual, WordPress now has a special “restore mode”. This lets you log in securely to the control panel so you can investigate the error further.
…
Details of errors
================
An error of type E_PARSE occurred in line 477 in the file …/wp-content/plugins/hide-login-page/libs/factory/pages/templates/impressive-page.class.php. Error message: syntax error, unexpected ‘>’`
What can I do?
Hi dear @webcraftic, @creativemotion, @alexkovalevv, @webtemyk,
Two weeks ago and precisely on November 26, 2020 the latest and most updated official stable version of PHP 8.0.x was released while 1 day ago and precisely on November 8, 2020 the latest and most updated official and stable version of WordPress 5.6.x was released, which supports the new version of PHP 8.0.x.
I wanted to ask you the following question:
When will you make your “Hide login page, Hide wp admin – stop attack on login page” plugin compatible with the latest and most updated official stable version of PHP 8.0.x? Do you have an ETA (Estimated Time of Arrival)?
Thanks in advance for the support.
Hi dear @webcraftic, @creativemotion, @alexkovalevv, @webtemyk,
Your “Hide login page, Hide wp admin – stop attack on login page” plugin for WordPress has not been updated for over 7 months and is only compatible up to WordPress version 5.4.4.
1 day ago and precisely on November 8, 2020 the latest and most updated official and stable version of WordPress 5.6.x was released.
I wanted to ask you the following question:
When will you make your “Hide login page, Hide wp admin – stop attack on login page” plugin compatible with WordPress version 5.6.x? Do you have an ETA (Estimated Time of Arrival)?
Thanks in advance for the support.
And what is the point, if going to /wp-admin takes you to the new login page?
I’m posting this (report) come post in both “Limit Login Attempts Reloaded” and also “Webcraftic Hide login page”, all in the vain hope that someone out there might know what to do.
Both plugins are extraordinary by the way, but they are being circumvented.
Below are my raw Apache logs from the 31st, and God’s honest truth here: I’m having a little trouble reading them, but I’ve spread the logs out so’s to get a clearer course of events, and yes: it’s a bit long, but worth it, especially as it shows the server-side login procedure.
Background:
My main site is b92mjs.co.uk
And I have a domain parked next to it called pigsoft.net
There’s nothing of value being shown here, and all pages are in the public domain.
From wp-login.php, my changed secret login page is now called b92login.php
– And revealing that top-secret-information, is a rather moot point; as you’ll soon discover.
This particular Lock out by “Limit Login Attempts Reloaded”, got logged at nine, .. and the IP address was already in the Deny rules: yet they were still able to hit the server side of my site.
As always: the hackers start off with my parked site and then add the conventional wp-login.php string.
It must also be remembered, that the entire thing took seconds to complete.
Begin.
[31/Aug/2020:09:56:02 +0100]
"GET /wp-login.php HTTP/1.0" 404 69666
"https://pigsoft.net/wp-login.php" <<<<-------!!!!!! normal wp-login.php
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
pigsoft.net 77.247.181.165 -
- [31/Aug/2020:09:56:05 +0100]
"GET / HTTP/1.1" 301 - "https://pigsoft.net/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
www.b92mjs.co.uk 77.247.181.165 -
// They now switch their attention to my main site, ..
- [31/Aug/2020:09:56:09 +0100]
"GET / HTTP/1.1" 200 88022
"https://www.b92mjs.co.uk/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
www.b92mjs.co.uk 77.247.181.165 -
- [31/Aug/2020:09:56:12 +0100]
"GET /blog/ HTTP/1.1" 200 86551
"https://www.b92mjs.co.uk/blog/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
www.b92mjs.co.uk 77.247.181.165 -
// This POST is interesting, but I can't see what it does, and yes: I do have contact-form 7 installed, ..
// But how would they know?
- [31/Aug/2020:09:56:14 +0100]
"POST /wp-json/contact-form-7/v1/contact-forms/4450/feedback HTTP/1.1" 200 176
"https://www.b92mjs.co.uk/blog/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
www.b92mjs.co.uk 77.247.181.165 -
// I had no idea why they kept hitting the 'Knickers' pages, ..
// Then found this code below inside one of them on the Text Tab side of tinyMCE
<div data-contents="true">
<div data-block="true" data-editor="4rjjj" data-offset-key="1ih5n-0-0">?</div>
</div>
// No clue how it got there, perhaps an old editor, but it's now been removed.
// Yesterday the Hackers were targeting the Submit button on my Boxzilla pop-ups.
// I've removed all of them bar one.
// Continuing ever onwards in the Hackathon, ..
- [31/Aug/2020:09:56:16 +0100]
"GET /knickers/enter-the-void/ HTTP/1.1" 200 79919
"https://www.b92mjs.co.uk/knickers/enter-the-void/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
www.b92mjs.co.uk 77.247.181.165 -
- [31/Aug/2020:09:56:19 +0100]
"GET /knickers/enter-the-void/its-outa-this-world-or-it-oorta-be/ HTTP/1.1" 200 84411 "https://www.b92mjs.co.uk/knickers/enter-the-void/its-outa-this-world-or-it-oorta-be/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
www.b92mjs.co.uk 77.247.181.165 -
// =============== (( HERE IT IS ))=============
// From the above, then my hidden login has been found, .. but how?
// It can only be WordPress that's revealing it, ..
- [31/Aug/2020:09:56:21 +0100]
"GET /b92login/ HTTP/1.1" 200 9570 <<<<<<<<<<<<<<<< how are they doing it?
"https://www.b92mjs.co.uk/b92login/" <<<<<<<<<<<<<<<< how are they doing it?
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
www.b92mjs.co.uk 77.247.181.165 -
- [31/Aug/2020:09:56:23 +0100]
"POST /b92login/ HTTP/1.1" 200 9812 "https://www.b92mjs.co.uk/b92login/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
pigsoft.net 77.247.181.165 -
// Kicked out by "Limit Login Attempts Reloaded", so they start yet again with my parked pigsoft.net domain, ..
- [31/Aug/2020:09:56:25 +0100]
"GET /wp-login.php HTTP/1.0" 404 69652
"https://pigsoft.net/wp-login.php"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
www.b92mjs.co.uk 77.247.181.165 -
- [31/Aug/2020:09:56:26 +0100]
"GET /index.php HTTP/1.1" 301 -
"https://www.b92mjs.co.uk/index.php"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
www.b92mjs.co.uk 77.247.181.165 -
- [31/Aug/2020:09:56:29 +0100]
"GET /index.php HTTP/1.1" 301 -
"https://www.b92mjs.co.uk/index.php"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
www.b92mjs.co.uk 77.247.181.165 -
- [31/Aug/2020:09:56:30 +0100]
"GET /index.php HTTP/1.1" 301 -
"https://www.b92mjs.co.uk/index.php"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51"
77.247.181.165
pigsoft.net 77.247.181.162 -
- [31/Aug/2020:09:58:55 +0100]
"GET /wp-login.php HTTP/1.0" 404 69677
"https://pigsoft.net/wp-login.php"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
77.247.181.162
pigsoft.net 77.247.181.162 -
- [31/Aug/2020:09:58:56 +0100]
"GET / HTTP/1.1" 301 -
"https://pigsoft.net/"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
77.247.181.162
www.b92mjs.co.uk 77.247.181.162 -
- [31/Aug/2020:09:58:59 +0100]
/ HTTP/1.1" 200 88026 "https://www.b92mjs.co.uk/"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 77.247.181.162
www.b92mjs.co.uk 77.120.113.64 -
- [31/Aug/2020:09:59:03 +0100]
"GET /blog/ HTTP/1.1" 200 86546 "https://www.b92mjs.co.uk/blog/"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 77.120.113.64
www.b92mjs.co.uk 77.120.113.64 -
- [31/Aug/2020:09:59:06 +0100]
"POST /wp-json/contact-form-7/v1/contact-forms/4450/feedback HTTP/1.1" 200 176
// Yet again, the Hacking Script has detected a weakness somewhere.
"https://www.b92mjs.co.uk/blog/"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
77.120.113.64
www.b92mjs.co.uk 77.120.113.64 -
- [31/Aug/2020:09:59:08 +0100]
"GET /knickers/enter-the-void/ HTTP/1.1" 200 79949
"https://www.b92mjs.co.uk/knickers/enter-the-void/"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
77.120.113.64
www.b92mjs.co.uk 77.120.113.64 -
- [31/Aug/2020:09:59:10 +0100]
"GET /knickers/enter-the-void/its-outa-this-world-or-it-oorta-be/ HTTP/1.1" 200 84415
"https://www.b92mjs.co.uk/knickers/enter-the-void/its-outa-this-world-or-it-oorta-be/"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 77.120.113.64
www.b92mjs.co.uk 77.120.113.64 -
// From the above, then my hidden login below has been found yet again!
// As I say: it can only be WordPress itself that's revealing the new login file name.
- [31/Aug/2020:09:59:13 +0100]
"GET /b92login/ HTTP/1.1" 200 9570
"https://www.b92mjs.co.uk/b92login/"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
77.120.113.64
www.b92mjs.co.uk 104.244.78.231 -
- [31/Aug/2020:09:59:15 +0100]
"POST /b92login/ HTTP/1.1" 200 9812
"https://www.b92mjs.co.uk/b92login/"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
104.244.78.231
pigsoft.net 104.244.78.231 -
// Kicked out for the second time, by "Limit Login Attempts Reloaded".
- [31/Aug/2020:09:59:16 +0100]
"GET /wp-login.php HTTP/1.0" 404 69681
"https://pigsoft.net/wp-login.php"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 104.244.78.231
www.b92mjs.co.uk 104.244.78.231 -
- [31/Aug/2020:09:59:21 +0100]
"GET /index.php HTTP/1.1" 301 - "https://www.b92mjs.co.uk/index.php"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 104.244.78.231
www.b92mjs.co.uk 185.220.101.195 -
- [31/Aug/2020:09:59:23 +0100]
"GET /index.php HTTP/1.1" 301 - "https://www.b92mjs.co.uk/index.php"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 185.220.101.195
www.b92mjs.co.uk 185.220.101.195 -
- [31/Aug/2020:09:59:25 +0100]
"GET /index.php HTTP/1.1" 301 - "https://www.b92mjs.co.uk/index.php"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" 185.220.101.195
b92mjs.co.uk 114.119.167.156 -
- [31/Aug/2020:10:01:31 +0100]
"GET /wordpress-problems/how-too-add-a-vertical-menu-bar-separator HTTP/1.1" 301 - "-"
"Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://aspiegel.com/petalbot)" 114.119.167.156
www.b92mjs.co.uk 114.119.167.156 -
- [31/Aug/2020:10:01:35 +0100]
"GET /myoutings/how-too-add-a-vertical-menu-bar-separator/ HTTP/1.1" 200 77752 "-"
"Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://aspiegel.com/petalbot)" 114.119.167.156
pigsoft.net 185.220.102.8 -
- [31/Aug/2020:10:06:45 +0100]
"GET /wp-login.php HTTP/1.0" 404 69661
"https://pigsoft.net/wp-login.php"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36" 185.220.102.8
pigsoft.net 185.220.102.8 -
- [31/Aug/2020:10:06:49 +0100]
"GET / HTTP/1.1" 301 - "https://pigsoft.net/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
185.220.102.8
www.b92mjs.co.uk 185.220.102.8 -
- [31/Aug/2020:10:06:52 +0100]
"GET / HTTP/1.1" 200 88043
"https://www.b92mjs.co.uk/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
185.220.102.8
www.b92mjs.co.uk 185.220.100.253 -
- [31/Aug/2020:10:06:55 +0100]
"GET /blog/ HTTP/1.1" 200 86559 "https://www.b92mjs.co.uk/blog/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
185.220.100.253
www.b92mjs.co.uk 185.220.100.253 -
- [31/Aug/2020:10:06:58 +0100]
"POST /wp-json/contact-form-7/v1/contact-forms/4450/feedback HTTP/1.1" 200 176
"https://www.b92mjs.co.uk/blog/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
185.220.100.253
www.b92mjs.co.uk 185.220.100.253 -
- [31/Aug/2020:10:07:00 +0100]
"GET /knickers/enter-the-void/ HTTP/1.1" 200 79930
"https://www.b92mjs.co.uk/knickers/enter-the-void/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
185.220.100.253
www.b92mjs.co.uk 185.220.100.253 -
- [31/Aug/2020:10:07:02 +0100]
"GET /knickers/enter-the-void/its-outa-this-world-or-it-oorta-be/ HTTP/1.1" 200 84421 "https://www.b92mjs.co.uk/knickers/enter-the-void/its-outa-this-world-or-it-oorta-be/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
185.220.100.253
www.b92mjs.co.uk 185.220.100.253 -
<<<<<<<<<<<<<<<<<< IN YET AGAIN AFTER THAT HUGE STRING.
- [31/Aug/2020:10:07:03 +0100]
"GET /b92login/ HTTP/1.1" 200 9570
"https://www.b92mjs.co.uk/b92login/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
185.220.100.253
www.b92mjs.co.uk 51.75.64.187 -
- [31/Aug/2020:10:07:05 +0100]
"POST /b92login/ HTTP/1.1" 200 9812
"https://www.b92mjs.co.uk/b92login/"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
51.75.64.187
pigsoft.net 51.75.64.187 -
// And yet again the Hackers have been bounced out by "Limit Login Attempts Reloaded", ..
// So they start yet again on my parked domain, ..
- [31/Aug/2020:10:07:06 +0100]
"GET /wp-login.php HTTP/1.0" 404 69679
"https://pigsoft.net/wp-login.php"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
51.75.64.187
www.b92mjs.co.uk 51.75.64.187 -
- [31/Aug/2020:10:07:08 +0100]
"GET /index.php HTTP/1.1" 301 - "https://www.b92mjs.co.uk/index.php"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
51.75.64.187
www.b92mjs.co.uk 51.75.64.187 -
- [31/Aug/2020:10:07:10 +0100]
"GET /index.php HTTP/1.1" 301 - "https://www.b92mjs.co.uk/index.php"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36"
51.75.64.187
www.b92mjs.co.uk 51.75.64.187 -
- [31/Aug/2020:10:07:11 +0100]
"GET /index.php HTTP/1.1" 301 - "https://www.b92mjs.co.uk/index.php"
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36" 51.75.64.187
www.b92mjs.co.uk 114.119.165.74
And so it goes on and on and on, ..
Even doing all that housekeeping on the internal pages, they’re still getting at my secret login link page, but by now hitting submit button buried deep inside my site.
I do hope that you’ve kept up at the back, now sit to attention!
So, .. anyone got any pointers as to what’s happening?
Catch you (Laters) my lovely Hackers.
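A defensive way to triage logs like the ones in the post above (an added example, not part of the original post and not code from either plugin): group requests by User-Agent rather than by IP, and flag bursts that begin with a 404 on /wp-login.php and end with a POST to the renamed login path. The log lines, addresses, the `/hidden-login/` path and all function names are constructed for illustration and assume Apache's combined log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (documentation IP ranges, shortened User-Agents).
SAMPLE_LOG = """\
203.0.113.10 - - [31/Aug/2020:09:56:02 +0100] "GET /wp-login.php HTTP/1.0" 404 69666 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/67.0 OPR/54.0"
203.0.113.10 - - [31/Aug/2020:09:56:09 +0100] "GET / HTTP/1.1" 200 88022 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/67.0 OPR/54.0"
203.0.113.10 - - [31/Aug/2020:09:56:12 +0100] "GET /blog/ HTTP/1.1" 200 86551 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/67.0 OPR/54.0"
203.0.113.10 - - [31/Aug/2020:09:56:21 +0100] "GET /hidden-login/ HTTP/1.1" 200 9570 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/67.0 OPR/54.0"
203.0.113.10 - - [31/Aug/2020:09:56:23 +0100] "POST /hidden-login/ HTTP/1.1" 200 9812 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/67.0 OPR/54.0"
203.0.113.20 - - [31/Aug/2020:09:58:55 +0100] "GET /wp-login.php HTTP/1.0" 404 69677 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/67.0"
203.0.113.20 - - [31/Aug/2020:09:58:59 +0100] "GET / HTTP/1.1" 200 88026 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/67.0"
198.51.100.7 - - [31/Aug/2020:09:59:03 +0100] "GET /blog/ HTTP/1.1" 200 86546 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/67.0"
198.51.100.7 - - [31/Aug/2020:09:59:13 +0100] "GET /hidden-login/ HTTP/1.1" 200 9570 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/67.0"
192.0.2.44 - - [31/Aug/2020:09:59:15 +0100] "POST /hidden-login/ HTTP/1.1" 200 9812 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/67.0"
192.0.2.99 - - [31/Aug/2020:10:01:31 +0100] "GET /some-post/ HTTP/1.1" 301 - "-" "ExampleBot/1.0"
198.51.100.200 - - [31/Aug/2020:10:05:00 +0100] "GET /hidden-login/ HTTP/1.1" 200 9570 "-" "Mozilla/5.0 Firefox/79.0"
198.51.100.200 - - [31/Aug/2020:10:05:20 +0100] "POST /hidden-login/ HTTP/1.1" 302 - "-" "Mozilla/5.0 Firefox/79.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["time"] = datetime.strptime(e.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
    e["status"] = int(e["status"])
    # Drop the query string and trailing slash so /x and /x/ compare equal.
    e["path"] = e["path"].split("?", 1)[0].rstrip("/") or "/"
    return e


def summarise(run, ua, login_path):
    """Return a finding if the burst probed wp-login.php and then POSTed to login_path."""
    probed = any(e["path"] == "/wp-login.php" and e["status"] == 404 for e in run)
    posts = [e for e in run if e["method"] == "POST" and e["path"] == login_path]
    if not (probed and posts):
        return None
    ips = list(dict.fromkeys(e["ip"] for e in run))  # unique, in order seen
    return {"user_agent": ua, "start": run[0]["time"], "ips": ips,
            "login_posts": len(posts), "rotated_ip": len(ips) > 1}


def find_probe_runs(lines, login_path, max_gap=timedelta(seconds=30)):
    """Group by User-Agent, split into bursts separated by > max_gap, flag probe bursts."""
    login_path = login_path.rstrip("/") or "/"
    by_ua = defaultdict(list)
    for line in lines:
        e = parse_line(line)
        if e:
            by_ua[e["ua"]].append(e)

    findings = []
    for ua, entries in by_ua.items():
        entries.sort(key=lambda e: e["time"])
        run = []
        for e in entries + [None]:  # None flushes the final burst
            if e is not None and (not run or e["time"] - run[-1]["time"] <= max_gap):
                run.append(e)
                continue
            finding = summarise(run, ua, login_path)
            if finding:
                findings.append(finding)
            run = [e] if e is not None else []
    return sorted(findings, key=lambda f: f["start"])


if __name__ == "__main__":
    for f in find_probe_runs(SAMPLE_LOG.splitlines(), "/hidden-login/"):
        print(f["start"].isoformat(), f["ips"], "rotated" if f["rotated_ip"] else "single IP")
```

A burst that changes source address between the page crawl and the login POST will not be stopped by a per-IP deny rule, which is why the grouping key here is the User-Agent and timing rather than the address.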
Hello,
Since I have installed a plugin to make my website multi language, I have an issue to log into my WP admin panel.
I go to
https://mysite.com/my-hide-login-page
I access the WP admin login/password page but after filling info, instead of being directed to WP admin panel the system sent me to
https://mysite.com/fr/my-hide-login-page
So I get my 404 error page.
What can I do to solve this ?
Thanks for help.
redirect set to forbidden 403, on wp-login it’s 403, but on wp-admin it’s 404
Hi,
don’t know if there is any Help on this site. But, as I described in the Topic. I still can access the Login Form with wp-login.php and – I don’t know why it is even possible, because it is not a WordPress Standard – with just the word “login”.
Can you help me with that?
Thanks
Mikkel
I have used your plugin to hide the login page and it certainly has done that. Using /wp-admin or /wp-login will return a /404 which is fine and yet someone using the IP address 5.188.84.186 is still able to find my login page and attempt to get in.
The IP Address above is shown on Google to be a Russian address whose abuse level is 100%. The secret login page I am using is the conjunction of a number of words known only to me and not found in any dictionary.
Have you any idea how the hacker, who is clearly a professional at this, has been able to find a back door to your plugin?
Good afternoon!
Is it possible, and if so how, to additionally protect the newly created login page with a password in htaccess?
So that it works out as something like two-factor authentication.
I used to use a different plugin to hide my login page, until the custom URL stopped working and I was locked out. I had to delete that plugin’s folder via cPanel in order to regain access to my admin panel. Naturally, I proceeded to look for a better option. I decided on this one because it had all 5-star reviews.
Imagine my surprise and disappointment when the exact same problem occurred once again. The custom login page gives me a 404 and the default login page gives me a 403. I can’t login at all. The worst part? Even the recovery link provided by the plugin gives me a 404. Normally, I always have at least one tab open to the admin panel and it just has the little window pop up asking me to login again when my session times out, but for some reason that isn’t popping up this time. So, I’m officially locked out from every angle.
I suppose I will have to use my cPanel to disable the plugin again. But I want to know if there is anything I did wrong that I could do differently so that this doesn’t happen again. If not, I will have to give up on this kind of plugin and just stick with the default login page.
FYI, in case it is relevant, I use WordFence as my security plugin.
Hi,
not more to say as the topic describes it…
wp-admin & wp-login – no problem.
With .php I can reach the login page plus I see the new login url in the url-field.
WP 5.4.2, php 7.3
Plugins:
Advanced Custom Fields PRO
Disable Gutenberg
Enable Media Replace
Safe SVG
Simple History
Webcraftic Clearfy – WordPress Optimierungs-Plugin
Webcraftic Hide login page
Thanks in advance
Mikkel