wp-admin/customize.php

  • Resolved hafman

    (@hafman)


    7 years, 2 months ago

    I have renamed the wp-login and wp-admin pages with Shield and that works well but i’m still seeing login attempts albeit fewer than before. I learned that login was possible with /wp-admin/customize.php so i tried it and it did try to open the customiser panel with a login page! What’s more, my custom login url was visible in the address bar.

    Funny all other files in wp-admin are unreachable with the protection enabled. Is it possible to include wp-admin/customize.php?
    I don’t use the customiser so i’ve temporarily redirected it to 404.php in .htaccess, also to see if the login attempts stop

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author Paul

    (@paultgoodchild)

    I’ll dig into this and see what I can do about that. Thanks for reporting it!

    Also, when you say you’re “still seeing login attempts”… how are you seeing them?

    Thread Starter hafman

    (@hafman)

    I have Sucuri security installed as well and it sends me emails whenever logins or attempts happen. There were 50 a day at one point but it’s a trickle now since renaming.

    Thread Starter hafman

    (@hafman)

    this is where i found out the customizer.php
    https://www.ads-software.com/support/topic/wps-hide-login-can-be-bypassed/

    • This reply was modified 7 years, 2 months ago by hafman. Reason: wrong URL entered
    Plugin Author Paul

    (@paultgoodchild)

    I’ll look at the customizer thing, but the reason I asked about how you’re seeing the logins is because of this:
    https://icontrolwp.freshdesk.com/support/solutions/articles/3000058533-sucuri (there’s a link to Wordfence also, and this will explain it further).

    Thread Starter hafman

    (@hafman)

    Thanks Paul, I’ve deactivated Sucuri now as Shield does mostly the same without scaremongering and bothering me with emails. The login attempts have dropped off almost completely since yesterday.

    Plugin Author Paul

    (@paultgoodchild)

    Good call. I hear you on the Scaremongering… I think many folks find it slightly addictive. We had a great plugin review on just that (https://twitter.com/iControlWP/status/899356872226066432 )

    So I have a solution to the customize.php issue. It went much deeper than just customize and it might present a great long-term solution going forward, but it may need a bit of testing as it could interfere with other random things I’m not aware of. Would you be up for that? If so I’ll show you how.

    Thread Starter hafman

    (@hafman)

    Hello Paul, yes i would like to test. Sorry for the delay in replying
    – Nick

    Plugin Author Paul

    (@paultgoodchild)

    It’s been released already, so your problem should be fixed

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘wp-admin/customize.php’ is closed to new replies.