Hide Beckend?

Hi,

Can you please try testing in a browser once more that hasn’t had the itsec-hb token included? Try to access /wp-login.php in a private/incognito browser and please type versus copy/paste examplesite.com/wp-login.php.

The way that Hide Backend functions changes in this release. Previously, if your Hide Backend Login Slug was wplogin, going to example.com/wplogin would result in the URL remaining example.com/wplogin. The new implementation of this feature results in a redirect to a URL that looks as follows: example.com/wp-login.php?itsec-hb-token=wplogin. While this may not be desirable for some users, this change was necessary to fix longstanding compatibility issues with other plugins. Once you access the login page using the Login Slug page, a cookie is set with an expiration time of one hour. As long as the cookie remains, you can access example.com/wp-login.php without having to access the Hide Backend Login Slug first. If you wish to confirm that Hide Backend is working properly on your site, opening up a private browsing window is a quick way to test without having to log out and clear cookies.

Thanks,

Gerroald

hi geroald. the first, thanks for your interest.

i checked again it.

when we type: asdasd.com/wp-login.php
website goes to Redirection Slug (for example: asdasd.com/404)

but when we type again: asdasd.com/wp-login.php
the website goes to asdasd.com/wp-login.php

becouse like you said and you wrote via Changelog: the plugin keeps some cookies about it.
i already read that in the Changelog. i am always reading the logs before update any plugin. that’s ok i got your changes that but;

this is not good.

if i wanted to use /wp-login.php link any where or any time; why am i have to use any hide beckend module? what’s the different?

for example i have a multiblog website and i have 50 authors on it.

i am sharing my wp-login slug in website header menu links for the user can use it.

and so anyone knows my hide beckend slug.

i dont want to use or show anywhere: “wp-login.php” or any wordpress login slugs.

so with the update the hide beckend module is completely useless for me. So i am disappointed for this changes.

thanks

I have the same issue with the amended Hide Backend module. It is useless in its new form. I have temporarily resolved it by copying the old module folder into the new plugin directory so I still have some of the updates. As I don’t have plugin conflicts this works well for now. However this is obviously not best practice. I hope that this can be resolved in a better way soon. Maybe give users a choice to use the module with its older and most powerful functionality if there are no conflicts but also include the newer module as a separate choice to allow others who might have problems to enable the new version instead.

I notice you said that “The way that Hide Backend functions changes in this release”. Are you working on a fix for the ERR_RESPONSE_HEADERS_TOO_BIG errors caused by Hide Backend in Chrome?
See here for details:
https://www.ads-software.com/support/topic/err_response_headers_too_big-in-chrome/#post-9304272

I have the Hide Backend feature disabled at the moment, else the site does not work at all on Chrome.

~ Paul

@pauldoeswordpress

My understanding is that the 6.3.0 plugin update which was released last week includes a totally refactored Hide Backend feature.

As a result one of the old Hide Backend hooks/functions (auth_cookie_expired) which probably caused the ERR_RESPONSE_HEADERS_TOO_BIG error (due to an infinite loop) is no longer present.

You’ll find the following related entry in the 6.3.0 changelog:

Bug Fix: Fixed an infinite loop that could occur when expiring a cookie and Hide Backend is enabled.

Not sure why this only seemed to affect Chrome …

Anyway I guess you’ll need to check whether the issue vanished after applying the lastest plugin update (6.3.0) …

• This reply was modified 7 years, 8 months ago by pronl.

Yay! I updated to 6.3.0, activated Hide Backend and it all works perfectly, thanks!

Hi there, this topic for a different Problem, please cerate a New topic for your own que.

Thanks.

And the plugin author @gerroald,
I am still waiting a solution from you about my request.

Thanks.

hi @gerroald,

I am still waiting a solution from you about my request.

Thanks.

Hi @gecedergi,

This is how the feature is now designed. It will not change as it’s much more secure, and will cause far less conflicts. There’s no way around showing the wp-login.php portion, but this will only be shown to people that know the login.

I’m sorry if this disappoints you, but the changes made are for the better with better security and compatibility in mind.

Thanks,

Gerroald

hi @gerroald,

i got that :}

ok, that’s acceptable for reason of security.

thanks for your interest.

have a nice work.

Hi @gerroald, I actually hate it now as it no longer does what I wanted it to do… the main thing I liked about the hide backend feature was because it made the backend hidden.

Now once the user has logged in they now know I am using WordPress as my backend platform which I do not like at all.

I will now have to look for another plugin which can hide the backend as I see no point at all using this one to hide the backend as it no longer does that!

• This reply was modified 7 years, 7 months ago by merlinuk.