[NSFW] Main Settings Security not working (several)

  • kruddock

    (@kruddock)


    4 years ago

    I was following your guide https://wpcerber.com/how-to-rename-wp-login-php/ and the thing is that this guide is no longer in sync with your plugin display. A few things I’ve noticed with trying to test the custom login url.

    CUSTOM LOGIN URL

    DISABLE WP-LOGIN.PHP (The setting is no longer immediately below custom login url)

    We use a custom-login url and have this input field set.
    I am trying to disable access to wp-login, but now that the main settings area looks different I am guessing on what to configure. There are 2 fields in other areas that appear related to blocking access WP-LOGIN.PHP

    Processing wp-login.php authentication requests: is set to Block access to WP-LOGIN.PHP

    Under PROACTIVE SECURTY RULES
    Request wp-login.php is set to immediately block i/p after any request to wp-login.php

    1) When I attempt to test these settings I’m able to access wp-login.php to sign in as normal. With these settings in place, I’m able to access wp-login.php Which is not what I was expecting. A 404 error is what I expected.

    It appears other have commented on this too on this support site:
    https://www.ads-software.com/support/topic/can-not-block-wp-login-php/
    The topic shows as RESOLVED, but honestly was it?

    2) The next issue also belongs to the PROACTIVE SECURITY RULES GROUP
    Disable dashboard redirect: Disable automatic redirection to the login page when /wp-admin/ is requested by an unauthorized request

    This feature is not doing it’s thing. In fact, our secret login page is redirected to when the user accesses wpadmin. (SECURITY ALERT.. THE HACKER NOW KNOWS OUR URL)

    Please advise when you will have these issues fixed.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author gioni

    (@gioni)

    Please read carefully: https://wpcerber.com/quickhelp/

    1. You need to perform the tests in an incognito (private) browser window.
    2. Before testing, remove your IP address from the White IP Access List.

    P.S. The article about the custom login URL will be updated soon.

    Thread Starter kruddock

    (@kruddock)

    Hello Gregory,

    I removed my whitelisted i/p address and tried logging in using my custom-login.php from an incognito window and got the familiar “We’re sorry, you are not allowed to proceed” message which I would expect. But why am I getting this message after I re-add my whitelisted i/p address back in place? I am unable to log in from a custom url.

    Suggestions?

    Do we need to physically create a new login file?
    ie . create custom-login.php from a copy of wp-login.php

    How’s the article update coming along?

    Plugin Author gioni

    (@gioni)

    You do not need to create any file. Make sure you use the correct custom login URL. Clear the browser cache.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[NSFW] Main Settings Security not working (several)’ is closed to new replies.