Hacking Custom Login URL

  • Zafer

    (@zaferyilmaznet)


    1 year, 7 months ago

    Hello there,

    I am using your Custom Login URL feature. I was checking activity logs and saw that someone used “/wp-login.php//wp-login.php” url and got a 200 response. I tried it myself. Yes, when using that url, it access to WP admin entrance page, bypassing my custom url. Is this a bug?

Viewing 1 replies (of 1 total)
  • Plugin Support Georgi Ganchev

    (@georgiganchev)

    Hello @zaferyilmaznet

    Please be advised that we are aware of this issue and we have reported it to our developers. I would like to ensure you that this is no hack or breach of any sort.

    When you navigate to the page domain.tld/wp-login.php//wp-login.php in your browser you will get our custom page indicating that the access is restricted:

    Restricted access

    You don’t have access to this page. Please contact the administrator of this website for further assistance.

    The request however is recorded as 200OK instead of the 403 response that it should receive. We are working on this issue and as soon as it is resolved the requests would resolve with the proper status code.

    If you are not receiving the Restricted access page, please provide us with the URL of your website or if you are a SiteGround client, you may open a ticket from your Client Area.

    Best regards,
    Georgi Ganchev

Viewing 1 replies (of 1 total)
  • The topic ‘Hacking Custom Login URL’ is closed to new replies.