tabrisrp / wps-hide-login Goto Github PK

The plugin doesn't change the URL structure in the default email template sent to users when they change their email address.

The URL I see in the email looks like this:

https://URL.com/wp-admin/profile.php?newuseremail=fefaa798051ccd2c2b7bebd5d0

Since all traffic to /wp-admin/ goes to the 404 page by the design of the plugin, users are unable to confirm change of their email address.

Hello,
I wanted to try your plugin. After install It won't be activated. I'm getting this error message:
Parse error: syntax error, unexpected T_USE, expecting T_FUNCTION in ..................wp-content/plugins/wps-hide-login/classes/plugin.php on line 8
I tried to disable all plugins if I will see some compatibility issue with other plugins. It didn't help. Maybe it's an issue with WP theme.

Do you have an idea what I can try to do?
Thank you,
L.

I have completely forgotten what I named my login page. I have FTP access to my server, is it possible to see what my login page is?

Dear Developers!

I'm sorry, I do not really speak good English. I have not been able to sign in and can not access the admin interface since Wordpress update. I managed to find out that unfortunately the plugin caused the problem. Please correct the error!

After completing the second factor for login and it redirects to wp-admin it still says it's disabled, not recognising a successful login has taken place.

After a few minutes after logging in, even if I try to move to the page I want, it moves to the .

It would be a helpful option if you could select the targets to which you are forwarded.
https://wordpress.org/support/topic/redirect-page-6/

Hi! I found a problem in case when the url of WP Admin is different than url of wordpress site. After login the plugin redirect user to 404 page.

How to reproduce?

1. Go to the WP Admin Panel
2. Go to Settings -> General
3. Change Site Address (URL) to something else and save
4. After login to wordpress admin panel the plugin redirect you to the before changed site address with 404 insted of /wp-admin/

What we expect
The plugin should redirect user to /wp-admin/ in Wordpress Address (URL).

Hi,

Do you mind if I clean the checkstyle of your WordPress plugin?

I just updated to version 1.5.4.
Since then, the 'login url' has changed.
I'm using 'wordpress url' and 'site url' differently.
'wordpress url' is http://mysite.com/wordpress
'site url' is http://mysite.com
Before the plugin update, the 'login url' was http://mysite.com/login/, but after the update it became http://mysite.com/wordpress/login/.

Where can i report bugs ?

Hey,

Great plugin. When I had a user, say for example "test user" use forget password, the email link doesn't include a "%20" where the space should be in the link.

The sample link would be <http://testsite.com/new_wp/?action=rpQWAadSstAn6mlAzRec0z&login=Test User> rather than http://testsite.com/new_wp/?action=rpQWAadSstAn6mlAzRec0z&login=Test%20User

Hi.. Did is possible when the plugin is installed and the login page renamed to insert the file wp-login.php in the Wordfence blacklist causing the block of all malicious hit to wp-login.php..?

This is an important question

Thanks very much for help

Tried this plugin on my site and it would not work because I was being directed to http address instead of https. My site is configured to use http for viewing the website but https when logging in or using the admin. There doesn't appear to be a way to change the part of the address that sets this which I believe is what is causing the plugin to not work properly with my site.

Cannot find it in settings general....no appearing

Hi
I have used this plugin on 3 sites, only one of which takes comments, and on that site the authors report that they can't approve comments via the usual inline email message links, which I presume is because the standard login route has been modified. Can this be resolved or do I need to look at an alternative way to hide the login where comments notification links are emailed out for approval?
Thanks

I use WHL on many sites, this is my first one with BuddyPress, but the official plugin description specifically states they should play nice together.

Issue is this... When both WHL and BP are active, the login page gets refreshed after a successful login, rather than a redirect anywhere. If WHL is disabled and (wp-login is used), successful redirect to admin page after login. If BP is disabled, successful redirect after login.

It's a completely fresh install for a new BP project. WP 4.7.1 (6 dec 2016) with BP 2.7.3 (7 dec 2016) and WHL 1.1.7 (18 dec 2016). Tried the 2017, 2015 and 2013 (unmodified) default WP themes and some redirect-on-login plugins with no change. All plugins disabled one at a time until the interaction between WHL and BP was confirmed.

Thoughts?

There must be a hole in the plugin, because for some time now hackers discover my login address even if I change it to not dictionary string (e.g. "A7jkj4hT6"). Today I changed it again and it took someone 20 minutes to find it and try to login (failed luckily) :)
By the way the plugin removes any special characters from address and only letters and numbers are working. But that is not a big problem :)
So please investigate if you can. I like your plugin very much but there was no update for a long time. If you need some more details please let me know, I'll see what I can provide.
Best regards.

Hi there,

As you are using "WP Review Me", the minimum WP version is not 4.1 but 4.2.

WP Review Me Error: The library can not be used because your version of WordPress is too old. You need version 4.2 at least.

Cheers,

I have a question
Would it be possible to change only one url, for example wp-login.php and keep wp-admin.php present?
Because I only want to change wp-login.php but for hosting I need not change wp-admin.php

I am sorry for my English.

Hi! Please take a look into the issue if possible! Wordfence warned that plugin may be revealing the hidden login url. And the patched version isn't out yet. Thank you!

In my site when using wps-hide-login plugin if i opened 404 page the login url in that page will be only '#'

after deep looking in the plugin code i found that there's condition to do that in wps-hide-login/classes/plugin.php#687

/**
	 *
	 * Update url redirect : wp-admin/options.php
	 *
	 * @param $login_url
	 * @param $redirect
	 * @param $force_reauth
	 *
	 * @return string
	 */
	public function login_url( $login_url, $redirect, $force_reauth ) {
		if ( is_404() ) {
			return '#';
		}

		if ( $force_reauth === false ) {
			return $login_url;
		}

		if ( empty( $redirect ) ) {
			return $login_url;
		}

		$redirect = explode( '?', $redirect );

		if ( $redirect[0] === admin_url( 'options.php' ) ) {
			$login_url = admin_url();
		}

		return $login_url;
	}

but i am wondering why ? why not just leave the login url as it in 404 page?

Hi, I used wps-hide-login to have a customize admin login page. When i used the customize admin login page and log in my account, I will be redirected to /wp-admin which is disabled. Any suggestion?

We're using the plugin fine(thanks for all of your work!), but we have been (still) getting hack attempts where the security plugin(Wordfence) tells us people are repeatedly trying to login, adn getting blocked. I noticed the form action also goes to the new, obfuscated URL, but I'm wondering if a 'curl' POST to the original wp-login.php URL would succeed. I'm wondering also if these attempts are script based...

I was going to add a CSRF plugin to try to make sure that the person logging in actually started the session with a GET.

thoughts or recommendations??

Hi,

I'm facing an issue with WP installed in its own custom directory (e.g. /wp) and the User Switching plugin.

When switching to another user (e.g from admin to editor) and trying to switch back, I get the error:

Could not switch users.

Steps to reproduce:

1. Install WP in custom directory (e.g. /wp)
2. Install & activate User Switching plugin
3. Install & activate WPS Hide Login plugin
4. Add editor user
5. Click 'Switch to' link below editor username
6. Click 'Switch back to admin' link in admin notice or user menu.

By deactivating WPS Hide Login it works as expected.

The switch action posted to wp-login.php is switch_to_olduser.

The URL without WPS Hide Login is:
https://test.dev/wp/wp-login.php?action=switch_to_olduser&nr=1&_wpnonce=xxx&redirect_to=https%3A%2F%2Ftest.dev%wp%2Fwp-admin%2F%3Fuser_switched%3Dtrue

with WPS Hide Login activated:
https://test.dev/login/?action=switch_to_olduser&nr=1&_wpnonce=xxx&redirect_to=https%3A%2F%2Ftest.dev%wp%2Fwp-admin%2F%3Fuser_switched%3Dtrue

Note: with WP installed in the root it works as expected.

Thanks

The conditional check below searches for the occurrence of wp-signup in the URL. If found, it prevents the plugin from being activated with the the message of This feature is not enabled.

https://github.com/Tabrisrp/wps-hide-login/blob/master/wps-hide-login.php#L356

We have a plugin called Signup Referrals (https://affiliatewp.com/add-ons/pro/signup-referrals/) which has a folder and file name of affiliatewp-signup-referrals

Since the URL at activation contains wp-signup, it's not possible for our customers to activate our plugin when also using WPS Hide Login:

/wp-admin/plugins.php?action=activate&plugin=affiliatewp-signup-referrals%2Faffiliatewp-signup-referrals.php&plugin_status=all&paged=1&s&_wpnonce=b09bdf0737

Could you kindly update the conditional check so it takes into consideration other plugins that may use wp-signup in the URL?

Thank you

Hello, I was wondering if you could add an option where an administrator could disable the /wp-admin/ and /wp-login/ pages where they would bring up a 404 error to visitors instead of them being redirected to the actual login page.

Thanks,
Tom

Hi,

I'm using this plugin on several websites. It has always worked as expected.
But now I have an issue on a website with qTranslate X plugin.
I'm using Pre-Path Mode (Default, puts /en/ in front of URL, even for default language).
If I set the login URL: mywebsite.com/en/login/
when I try to go to mywebsite.com/en/login/ I get a 404 error page.
I saw that $_SERVER['REQUEST_URI'] is:
mywebsite.com/en/en/login/
so it's like it adds an additional “en/” to the URL.

Could you reproduce the issue?
qTranslate plugin is free and fairly popular: https://wordpress.org/plugins/qtranslate-x/

Thanks
Davide