Hide Backend Bug

  • JRSystem

    (@jrsystem)


    8 years ago

    Hi.
    I think I’ve found a bug in the Backend Hide section.
    Anywhere from a web, with sidebar enabled> meta> log in, you can get the path set to “Hide Backend”.
    Add capture screen now.
    Best regards.

    Access to the path set

    • This topic was modified 8 years ago by JRSystem.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter JRSystem

    (@jrsystem)

    Access to the path set

    Thread Starter JRSystem

    (@jrsystem)

    Hi.
    Someone else the happens.
    It is very easy to get the hidden route, just go to connect in the sidebar and in the browser appears the hidden route.
    Best regards.

    Thread Starter JRSystem

    (@jrsystem)

    I’ve seen the video posted by iThemes Security and it looks like it’s normal.
    Nobody says anything.

    The intro text for the Hide Backend Module clearly states:

    Hides the login page (wp-login.php, wp-admin, admin and login) making it harder to find by automated attacks and making it easier for users unfamiliar with the WordPress platform.

    So it will be hidden for botnets which automatically try to login using standard admin login URLs.

    If you don’t want the hidden slug to appear on your frontend website simply remove the link from the active theme. However this is only an option if you don’t offer visitors the option to register (and thus login).

    Anyway Hide Backend is specifically designed to prevent automated brute force attacks using the default WordPress login page slugs.

    Thread Starter JRSystem

    (@jrsystem)

    Ok, thanks.
    However, it could be designed for automatic and manual attacks.
    Still, I appreciate the work of the author.
    Best regards.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Hide Backend Bug’ is closed to new replies.