FP Printing Admin URL in Source Code

  • Anonymous User 11187416

    (@anonymized-11187416)


    2 years, 5 months ago

    Hey,

    So I have customised my admin login urls (and put other settings in place to block the defaults) so that brute force attempts are more or less impossible.

    However, I’ve had a few attempts recently, leading me to check how on earth they could have found the URL. It’s then I spotted that FP includes it in the Ignore List whether it’s manually there or not. Taken from this part of your inject-js.php.

    ignoreKeywords: '.json_encode(get_option('flying_pages_config_ignore_keywords'), true).',

    Now, caching/minifying etc is a multilayer beast so there’s a chance that, although it’s your code, it’s not FP itself causing the exposure. But as it’s your JS I wanted to start there.

    Is there any way to modify your code to exclude the admin URLs from appearing publicly in the ignore list (or at all, preferably)?

    Thanks!

  • The topic ‘FP Printing Admin URL in Source Code’ is closed to new replies.