Why the change? 4.0

Have to say, I’m waiting for the previous functionality as well. I’ve got 20+ users that will never remember a second password, but I can give them a link to bookmark.. ;D

I’m confused, are you guys saying that once the login page is hidden that no one can even register? Most of my problems with bots is that they keep registering and making me go into users to delete them. Will this plugin stop this or should I be looking for some kind of email authentication plugin so that they don’t even get to the user page?

Nootkan, do you need real people to register to your site? If no, just turn off this capability at all. Main page of the settings, option “Anyone can register”

If yes, renaming of register page will prevent from the most part of bots. And also you can always add captcha or any other “quest” that only people can pass.

dvascheta is correct, nootkan. This is for people who want a secure site and having open registrations is inherently insecure because you must have an open login form, however there are additional options coming.

Thanks guys for replying. Unfortunately, I have to have the ability to allow normal users to post and register as feedback is important to the owners of the site. I will do some research on how to rename the register.php page as I am unfamiliar with the steps. I have used captcha but it doesn’t work with the bots that keep attacking all my wordpress sites. I have been thinking of trying to find a plugin that has email authentication where a link is emailed before a user registration is activated. That should stop the bots from getting through (I think) as they never use valid email addresses. Thanks again for the help.

Do you mean that bots pass captcha?

Probably you have to install some more plugins to improve site security. Smth like “Better WP Security” — plugin with the whole complex of WP security improvements.

Also may be a good idea to hide login/register page at all and install some plugin adding sidebar widget with small login form. Search for “sidebar login” in plugins section.

If you need help, please write me at info(at)dvascheta.ru

Yes the bots pass the captcha and my research shows that they are now good enough to fool the email validation. Good grief, is there anyway to stop this onslaught? Is it possible to at least stop them from getting added to the users database before an admin approves or deletes them? I’m getting tired of manually deleting users created by the bot(s). Also tried your other suggestions but cannot find anything related to sidebar login or how to hide the login/register page, but then my searching skills are not the best it seems. I will keep looking. Thanks for the replies by the way much appreciated.

It’s very strange that bots pass captcha. Usually they are not so “clever”.

Try another captcha, may be they recognize only that one you use. But this is all very strange. There are another ways similar to captcha, for example I remember there was a plugin that ask user to orient three pictures some definite way.

And of course you can force new users to wait for your approval — see for example this: https://www.ads-software.com/plugins/search.php?q=New+User+Approve .

Yes I have the new user approve plugin installed, unfortunately the new user is still placed in the user database so I have to manually delete them from the users page in the admin even though I haven’t approved them yet. That is the real problem, I’m getting tired of manually deleting all the fake users that the bot is signing up. They may not be able to do anything on the site but I wish I could stop them from getting to the database somehow and showing up on the users page in the admin. Thanks for your reply.

That is what I hate to. Before 4.0.0 most bots that did try to go to wp-login or wp-admin got redirected to Google.com. That solves 99,999% of the problem. Illigal traffic automatically transferred to some searchengine. Now, they still try. And yes, although still using this plugin and some other captcha they will still try, posing a threat to my site.

I just wanted to weigh in. I really liked the older way. Now my mailbox is filling up with notices that “admin” etc users are locked out due to too many failed login attempts (from the Wordfence plugin, which is awesome). The evil robot wasn’t even getting that far before.

Please restore the old one! I would pay for it!

I’m still up to my neck in projects – you can always download 3.0.0 from the developer tab and re-upload it to get stealth back. The full history of the plugin is available there.

https://www.ads-software.com/plugins/stealth-login-page/developers/

Thanks for that.

Seriously, I’m sure people would be willing to pay a few bucks for such a simple and effective solution to the ongoing issue of those dastardly brute force attacks. And then you could make it more of a priority.

Just a thought.

I’m still using Stealth Login on all sites, because it’s the best out there. However: there has been some talk about additional options (such as the old login method, which I also much preferred) quite a few months ago. Has the development been abandoned?

Like the previous poster, I’d be willing to pay for extended functionality, particularly if it could also resolve the problem with the login page, which is exposed to a much higher attack rate in version 4 (and is somewhat clumsy to login to, because apps like 1Password can’t handle an additional pass).

It has been abandoned for the time-being because it was going to take 3-5 days to re-tool it to bring back items from an old file structure AND account for the WP 3.7 Heartbeat API.

I could pick up development again for a few hundred dollars to devote a couple of hours per day for a while to do alongside my client projects.

If you’re willing to get the logout/timeout issues with Heartbeat kicking you out, then I’d recommend reverting to a v3.x.x version that still used the URL stealth.