Rename Login Page security issue

Viewing 13 replies - 31 through 43 (of 43 total)
  • Plugin Contributor wpsolutions

    (@wpsolutions)

    You can get in touch with me and I can check your .htaccess file.
    info at wpsolutions-hq dot c o m

    Thread Starter eddyferns

    (@eddyferns)

    @wpsolutions,
    I have sent you an email to the address you supplied as above.

    @lunatrix21,
    Although this is not my concern you could try the solution suggested and then if you would like me to check if it works I could do that for you. Please note that I’ll be available for another 2-3 days.

    Kind regards,
    Ed

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi Ed,
    I have emailed you back.

    Thanks Ed
    Let’s wait and see what the plugin author comes up with. Hopefully he can make a fix and I won’t have to bother you any more.
    Cheers
    Luna

    Thread Starter eddyferns

    (@eddyferns)

    @wpsolutions,
    Did the requested…
    Will carry out the test shortly.

    Thread Starter eddyferns

    (@eddyferns)

    Luna,
    This doesn’t bother me at all. I think this forum will help you and others who may read these discussions take a decision whether to use this type of feature or not.

    I have take a decision not to use it even if the test result is in favour of this plugin or any other. For there are many other ways to get by using sophisticated tools and advanced techniques.

    Kind regards
    Ed

    Thread Starter eddyferns

    (@eddyferns)

    @wpsolutions,
    Tested your site and was able to retrieve the secret word and the username. Access to your login url was therefore successful.

    Kind regards
    Ed

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi Ed,
    Thanks for that test – I appreciate it.
    I have emailed you to discuss further.

    Thread Starter eddyferns

    (@eddyferns)

    @wpsolutions,
    I have replied your email.

    Kind regards
    Ed

    concepthub

    (@concepthub)

    Has a solution to this issue been discovered?

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Yes this issue was resolved in a recent release.
    Eddy tested and was unable to retrieve the secret login page.

    Thread Starter eddyferns

    (@eddyferns)

    It is true that I was unable to retrieve the secret word of the rename login page after the plugin developers made the necessary change.

    But note that I have used a readily available scanner to do the scan. Cannot say if the secret word will be hidden from highly sophisticated scanners and/or other advanced hacking techniques.

    Also important to note is that the secret word can still be obtained through spidering using brute-force attack.

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Also important to note is that the secret word can still be obtained through spidering using brute-force attack.

    If your secret slug string is sufficiently large and difficult to guess, this would take some serious effort and time to crack. Similar to the situation where a hacker is trying to crack your password.

Viewing 13 replies - 31 through 43 (of 43 total)
  • The topic ‘Rename Login Page security issue’ is closed to new replies.