/admin and /admin/ redirect to /wp-admin

  • Resolved mesmerizedchild

    (@mesmerizedchild)


    9 years, 5 months ago

    Hi,

    I’ve just installed the plug in, so I’m on version 1.5, together with WP 4.3.1.

    I have the option “Redirect dashboard requests” ticked, so that when I access <WP URL>/wp-admin I get the theme’s 404 page. Good.

    If I enter <WP URL>/admin or <WP URL>/admin/ then there is a redirection to <WP URL>/wp-admin [i.e. the URL in the address changes to /wp-admin], and then I see the 404 page again.
    So, no major problems there; however, the redirection does tell an attacker that the site is running WordPress, and this is a piece of information that should not leak: access to /admin should give a 404 straight away, if possible.

    I’ve tested this on a rather out-of-the-box installation of WP, so I imagine that you should be able to replicate this on any of your machines; if that is not the case, then let me know and I’ll set up something that you can access too.

    Thanks,
    Roberto.

    https://www.ads-software.com/plugins/wp-cerber/

Viewing 5 replies - 1 through 5 (of 5 total)
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘/admin and /admin/ redirect to /wp-admin’ is closed to new replies.