Theme my login doesn’t work with AIOWPS brute force wp-admin URL change

  • Hello,

    As a standard operating procedure we always use All in One WordPress Security to rename the /wp-admin URL to something else for every wordpress site we manage. Everyone should do similar as using /wp-admin is a security risk.

    I have recently taken on a new site which also uses your plugin to style the login page however it does not work as soon as I change the login URL using AIOWPS even if I set it to the same URL in Theme My Login. I still see only the default login page at my address.

    Example:
    – WordPress admin URL changed to domain.com/customurl using AIOWPS Brute Force
    – Theme My Login Login Slug set to domain.com/customurl
    – A page created in the wordpress admin for customurl
    – A custom wordpress template file page-customurl.php

    Now this all works as expected for each plugin if I disable the other one. However as soon as I enable AIOWPS brute force to change the login URL properly then I see the default login page rather than the custom one even though the URL in the browser bar is domain.com/customurl which is the same as that in Theme My Login.

    My issue is that I need to use AIOWPS for security because Theme My Login does not actually block access to /wp-admin rather it just redirects from domain.com/wp-admin to domain.com/customurl

    Can you please tell me how I need to set up Theme My Login to work when the wordpress admin login URL is not /wp-admin ?

    Alternatively I’m happy to ditch AIOWPS for the login URL change if you can tell me how to actually change the login URL using Theme My Login so that domain.com/wp-admin does not redirect and instead returns an error or a 404.

    I’m asking you here as the security requirement of changing the wordpress admin URL is more important functionally than theming the login page visually so therefore it is your plugin which needs to work with AIOWPS rather than visa versa.

    Thanks very much for your assistance,

    Nicole

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Jeff Farthing

    (@jfarthing84)

    I’ll start with the obligatory statement: security through obscurity is not security.

    Also, unfortunately, due to the vast number of plugins in the WP ecosystem, we cannot guarantee TML to be 100% compatible with anything but WP core and TML’s own extensions. This may be one of those cases where they are just not compatible.

    Thread Starter nicole2292

    (@nicole2292)

    Hi Jeff, thanks for your response.

    I understand this is not the only security measure however it is a highly recommended one. Obviously we take other measures as well. That doesn’t mean we should not even bother with such as easy thing to change.

    I also understand that you cannot ensure compatibility of your plugin with every other plugin in the wordpress landscape. That would be too onerous.

    That said I would expect that your plugin would be compatible with those plugins which are used by many people in the community. AIOWPS has over 800,000 installs which is about 8 times that of TML. As such I would expect you would be interested to make your plugin compatible.

    Anyway, up to you. For now I will theme our login page manually.

    Thanks,
    Nicole

    • This reply was modified 4 years, 8 months ago by nicole2292.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Theme my login doesn’t work with AIOWPS brute force wp-admin URL change’ is closed to new replies.