Viewing 15 replies - 61 through 75 (of 78 total)
  • Plugin Author AITpro

    (@aitpro)

    And I assume this would be fine, but I have not tested this.

    /bulletproof-security/includes/login-security.php Code Line 2

    $BPSoptions = get_option('bulletproof_security_options_login_security');
    if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && isset( $_POST['wp-submit'] ) ) {
        add_filter('authenticate', 'bpspro_wp_authenticate_username_password', 20, 3);

        add_action('login_head', 'example_simple_query_string_protection_for_login_page');
    }

    // Simple Query String Login page protection
    function example_simple_query_string_protection_for_login_page() {
        $QS = '?mySecretString=foobar';
        $theRequest = 'https://' . $_SERVER['SERVER_NAME'] . '/' . 'wp-login.php' . '?'. $_SERVER['QUERY_STRING'];

        // these are for testing
        // echo $theRequest . '<br>';
        // echo site_url('/wp-login.php').$QS.'<br>';

        if ( site_url('/wp-login.php').$QS == $theRequest ) {
            echo 'Query string matches';
        } else {
            header( 'Location: https://' . $_SERVER['SERVER_NAME'] . '/' );
        }
    }

    Plugin Author AITpro

    (@aitpro)

    Oops, made a mistake. Corrected above.

    Plugin Author AITpro

    (@aitpro)

    And another correction. Coffee has not kicked in yet. ha ha ha

    Plugin Author AITpro

    (@aitpro)

    Nope just tested that and it does not work because of the isset condition. I will post working code in a minute.

    Plugin Author AITpro

    (@aitpro)

    LOL, just stick that code at the bottom of the /bulletproof-security/includes/login-security.php file after any other code.

    // Simple Query String Login page protection
    function example_simple_query_string_protection_for_login_page() {
        $QS = '?mySecretString=foobar';
        $theRequest = 'https://' . $_SERVER['SERVER_NAME'] . '/' . 'wp-login.php' . '?'. $_SERVER['QUERY_STRING'];

        // these are for testing
        // echo $theRequest . '<br>';
        // echo site_url('/wp-login.php').$QS.'<br>';

        if ( site_url('/wp-login.php').$QS == $theRequest ) {
            echo 'Query string matches';
        } else {
            header( 'Location: https://' . $_SERVER['SERVER_NAME'] . '/' );
        }
    }
    add_action('login_head', 'example_simple_query_string_protection_for_login_page');

    Plugin Author AITpro

    (@aitpro)

    And when this new option is added to BPS it will be wrapped something like this…

    if ( $BPSoptions['bps_login_security_OnOff'] == 'On' && $BPSoptions['bps_login_security_login_shield'] == 'On') {
    ...
    blah
    ...
    blah
    ...
    blah

    Plugin Author AITpro

    (@aitpro)

    This will work for now, but I see problems with additional failed login attempts being logged so it needs refinement/more work.

    samroza

    (@samrozahotmailcom)

    It said something like this: Warning: Cannot modify header information – headers already sent by (output started at /home/content/00/9175400/html/XYZ/wp-login.php:58) in /home/content/00/9175400/html/XYZ/wp-content/themes/frantic/functions.php on line 242

    I’ll try the new code you put together, though.

    Plugin Author AITpro

    (@aitpro)

    Do you have a custom login page (Example: /login/) or are you using just the standard WP login page?

    samroza

    (@samrozahotmailcom)

    I use wp-login.

    Plugin Author AITpro

    (@aitpro)

    OK, thanks. And I assume the header error is due to the header being called twice when the code is in the theme’s functions.php file. That header error should not occur when the code is added to the login-security.php file, but what I noticed is that if I type in an incorrect password, this failed login attempt is logged, so what needs to happen is the Query String Login code needs to be incorporated into the existing BPS code instead of just being added to the bottom of the login-security.php file. Like I said, it will work for now, but it is clunky.

    samroza

    (@samrozahotmailcom)

    The header error still happens when added to login-security.php.

    Plugin Author AITpro

    (@aitpro)

    Weird? I guess there is an additional factor going on on your site. You can do something like this below to kill the error.

    https://php.net/manual/en/function.error-reporting.php

    function example_simple_query_string_protection_for_login_page() {
    error_reporting(0);
    ...
    ...
    ...

    samroza

    (@samrozahotmailcom)

    Suppressing the error will not fix the fact that I can still log in at XYZ.com/wp-login.php

    Hmm.

    Plugin Author AITpro

    (@aitpro)

    Oh OK, then for whatever reason your site has some additional factors involved that do not work with this code. In testing, this code works fine on XAMPP, LAMP and Live testing sites, so not really sure what else may be a factor on your site. Maybe a plugin that is also using/calling login_head is conflicting. Example: You cannot use 2 plugin features that are doing the same/similar things and using/calling the same functions/variables at the same time. One will cancel out/override the other.
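
Added example, not part of the thread and not BPS code: the warning quoted above reports output already started at wp-login.php:58 when the `login_head` callback called `header()`, and the callback has no `exit`, so the form is still served. The sketch below runs the same query-string check on `login_init`, before any output, and stops the request; the `example_*` names, the exempt-action list and the hidden field are assumptions, and `mySecretString` / `foobar` are the thread's placeholders.

```php
<?php
// Added example, not BPS code. Key and value are the thread's placeholders.
const EXAMPLE_QS_KEY    = 'mySecretString';
const EXAMPLE_QS_SECRET = 'foobar'; // placeholder: use a long random value

// Assumption: wp-login.php actions that must keep working without the token.
const EXAMPLE_EXEMPT_ACTIONS = array( 'logout', 'lostpassword', 'retrievepassword',
	'rp', 'resetpass', 'postpass', 'confirm_admin_email' );

// True when the token arrives in the query string (first visit) or in the
// POST body (form submission, which does not carry the query string).
function example_login_token_ok( array $get, array $post ) {
	foreach ( array( $get, $post ) as $src ) {
		$v = isset( $src[ EXAMPLE_QS_KEY ] ) ? $src[ EXAMPLE_QS_KEY ] : null;
		if ( is_string( $v ) && hash_equals( EXAMPLE_QS_SECRET, $v ) ) {
			return true;
		}
	}
	return false;
}

// login_init fires before wp-login.php sends any HTML,
// so the Location header can still be emitted.
function example_query_string_gate() {
	$action = ( isset( $_REQUEST['action'] ) && is_string( $_REQUEST['action'] ) )
		? $_REQUEST['action'] : 'login';
	if ( in_array( $action, EXAMPLE_EXEMPT_ACTIONS, true ) ) {
		return;
	}
	if ( example_login_token_ok( wp_unslash( $_GET ), wp_unslash( $_POST ) ) ) {
		return;
	}
	wp_safe_redirect( home_url( '/' ) );
	exit; // without this the script continues and the form is still served
}
add_action( 'login_init', 'example_query_string_gate' );

// Re-send the token with the form so a submitted login passes the gate.
function example_query_string_hidden_field() {
	printf( '<input type="hidden" name="%s" value="%s" />',
		esc_attr( EXAMPLE_QS_KEY ), esc_attr( EXAMPLE_QS_SECRET ) );
}
add_action( 'login_form', 'example_query_string_hidden_field' );
```

Because the gate exits before wp-login.php reaches its credential handling, a POST without the token is redirected before any authentication attempt is made.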

  • The topic ‘Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without se’ is closed to new replies.