[Plugin: Better WP Security] Some Issue with – Hide Backend Options

  • I am using this plugin , and very much satisfied …
    thanks for this nice and helpful plugin .

    There is an issue I am facing with the Hide Backend Options.

    I have activated this option , and updated the wp-login.php redirect related plugin {DW Members Only plugin} as mentioned on that option page like $siteurl = get_bloginfo('url') . "/wp-login.php/?[thekey]&"

    but none of these pages , namely, wp-login.php , wp-login.php?action=register , wp-admin displays as login, register and admin respectively , instead they are displayed as 

    https://www.mysite.com/wp-login.php/?[the key]&
https://www.mysite.com/wp-login.php?[the key]&action=register
https://www.mysite.com/wp-admin/?[the key]

    what needs to be done so that these login page, register page and admin page is displayed as 

    https://www.mysite.com/login
https://www.mysite.com/register
https://www.mysite.com/admin

    https://www.ads-software.com/extend/plugins/better-wp-security/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Be Dark

    (@b_dark)

    m2 to, any solution?! how i update the wp-login.php?!

    Be Dark

    (@b_dark)

    Any news??

    mistaecko

    (@mistaecko)

    From how I understand the ‘Hide Backend Options’ feature it works like this:
    any request that goes to wp-login.php without the security key attached will be redirected to the ‘not found’ page. This is in order to shut out any malicious requests/attacks that target the login mechanism.
    Note that it does NOT redirect requests to wp-login.php to https://www.mysite.com/login (or whatever slug you chose). This would defeat its purpose (hide the login page).

    Any custom link that points to the login page and wants to use wp-login.php has to either add the security key OR point to the ‘login’ slug.

    Not sure why the plugin recommendeds to add the security key since it seems more convenient to just point to the login slug.

    If you point the login link in {DW Members Only plugin} to the login slug (https://www.mysite.com/login) it should work. However, it will then redirect to wp-login.php?[key] and this is what is displayed in the browser bar.

    The protection here is only to deter automated attacks that are scripted assuming a standard wordpress layout.

    This was a bug since 2.16. It is still broken for me on 2.18…

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Plugin: Better WP Security] Some Issue with – Hide Backend Options’ is closed to new replies.