EASY Bypass of plugin –

  • Resolved david

    (@dskirk)


    11 years, 2 months ago

    Hello,
    I posted a week or so ago about someone bypassing the plugin and we discussed a bit and decided to wait for more info. I read the recent post of Mark about using dummy wp-login.php files…. but I also noticed something in my website’s logs that triggered a test…

    1. take any URL from a site using the plugin
    2. append it with //wp-login.php (that’s TWO slash marks)
    3. and you’re brought to the login page.

    Mark’s fix does not address this. I tested on a couple of my sites and it was consistent. I hope this can be fixed quickly as that seems to be how hackers are still able to locate my site. Thanks,
    david

    https://www.ads-software.com/plugins/rename-wp-login/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Ella

    (@ellatrix)

    You’re right. Thanks for reporting this. I’ll see if I can fix this immediately.
    I’m sorry in the meantime…

    Plugin Author Ella

    (@ellatrix)

    Should be fixed in 2.2! ?? See the other post you replied to.

    Thread Starter david

    (@dskirk)

    I appreciate what you’re doing. This plugin is the only one that gives real login security and I admire that you respond so promptly to support questions. Thank you.
    david

    Thread Starter david

    (@dskirk)

    It WORKS!!!!! I updated my two sites and all is well. Thank you, thank you, thank you. Just terrific support. Regards,
    david

    Plugin Author Ella

    (@ellatrix)

    Haha. ??

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘EASY Bypass of plugin –’ is closed to new replies.