Login page hint to multisite

  • Resolved Lingo87

    (@lingo87)


    10 years, 3 months ago

    Hello together.

    1. question

    I already set up a wp-multisite with subfolders (www.mymultisite.com) (Domain Mapping Plugin activated)

    Now I go on one of my sites https://www.mydomain.com/wp-login and check the source code.
    In the source code I found some information about my multisite domain, like this:

    <div id="login">
<h1><a href="https://www.mymultisite.com/" title="multisite-network" tabindex="-1">My Domain</a></h1>

    and

    <p id="nav">
<a href="https://www.mymultisite.com/wp-login.php?action=lostpassword" title="Lost Password">Password lost?</a>
</p>

    Is there a way to disable these hints to my multisite domain?
    I dont want hints about my multisite, because of security reasons!

    2. question:

    Is there a way to disable the whole login-page for single sites?
    Its enough for me, if I have the multisite admin-login to manage all single sites.

    Sorry for my bad english, but I hope you understand my problem and you can help me. ??

    Regards
    Thomas

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Is there a way to disable these hints to my multisite domain?

    Not at this time, though we’re talking about adding in some filters. No sooner than 4.2 if that. Though why do you care?

    Is there a way to disable the whole login-page for single sites?

    No. Because then how will people log in?

    You COULD redirect them but if you ever use mapped domains or subdomains, cookies would become a nightmare.

    Oh wait!

    I already set up a wp-multisite with subfolders (www.mymultisite.com) (Domain Mapping Plugin activated)

    Yeah. Don’t. You will, one day, have a situation where you’re logged in on domain.com and logged OUT on mymultisite.com and if you disable the login pages, you will cry.

    Thread Starter Lingo87

    (@lingo87)

    Hi,

    thanks Ipstenu for your fast reply.

    Is there a way to disable these hints to my multisite domain?

    Not at this time, though we’re talking about adding in some filters. No sooner than 4.2 if that. Though why do you care?

    I dont want hints to my Multisite domain, because if someone want to hack my website and he will find my multisite, he will have access to all websites. Thats why I care about the hints. I want my multisite domain so much invisible I can.

    Is there a way to disable the whole login-page for single sites?

    No. Because then how will people log in?

    You COULD redirect them but if you ever use mapped domains or subdomains, cookies would become a nightmare.

    Oh wait!

    I already set up a wp-multisite with subfolders (www.mymultisite.com) (Domain Mapping Plugin activated)

    What do you think about these lines in my htaccess?

    RewriteCond %{HTTP_HOST} ^www.mydomain.com$ [NC]
RewriteRule ^(wp-login.*)$ 404.php [R=404,L]

RewriteCond %{HTTP_HOST} ^www.mydomain.com$ [NC]
RewriteRule ^(wp-admin.*)$ 404.php [R=404,L]

    I can add the lines for every single domain or delete them if I need the admin access to a single domain.

    Regards
    Thomas

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    No one cares.

    No, really. Hackers? DO NOT care.

    You have two types of attacks to worry about:

    1) BruteForce attacks, who will hit your site with their attack without looking to see if you’re on WordPress at all. Seriously. I work for a Webhost. They’re indiscriminate.

    2) People who hate you, who are attacking you directly.

    What you’re doing? Won’t impact either of them. I speak from experience. They just don’t care. If they hate you enough, they will use every script in the book. ‘Hiding’ the fact you’re on WP or Multisite is a waste of your time and effort. Don’t bother.

    A better .htaccess would be this BUT…

    RewriteCond %{HTTP_HOST} ^www.mydomain.com$ [NC]
RewriteRule ^(wp-login.php|wp-admin)$ 404.php [R=404,L]

    Congratulations. Now you can’t get into wp-admin either ??

    Like I said. Don’t.

    I wrote https://halfelf.org/2013/wp-login-protection-htaccess/ about how to protect your login via .htaccess.

    Thread Starter Lingo87

    (@lingo87)

    Hi Ipstenu,

    ok you convinced me.
    Ok I think i can rest easy now. ??

    Regards and thanks for your reply.

    Regards
    Thomas

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Login page hint to multisite’ is closed to new replies.