New WP install, default logins not hidden

It shouldn’t redirect until the checkbox to enable it is checked, which is defaulted unchecked upon install. Did it say exactly that? “?question=answer” in the URL? If so, I can see where that originated from.

Go ahead and grab the latest version, though – what version did you upload into a new install?

2.1.0 has an issue. I’m updating to 2.1.1 at the moment as soon as I rectify a conditional logic issue.

Hi Jesse,

Thanks for your replies. Looks like you’re “on it” as they say. And I thought I should give you a response anyway.

No, it used my secret question and answer, I just used “question” and “answer” as placeholders in my post here. Also, looking back at the email sent with the custom URL in it, the custom URL followed this form:

https://www.myclientsdomain.com/wp-login.php/?question=answer?question=answer

I didn’t notice the duplicated Q/A paring and the slash between .php and ? until this morning.

I loaded the most recent version from the WP repository at the time (2.1.0, which you indicate has a conditional logic issue).

btw, while you’re in there, i just noticed a typo on the /options-general.php?page=stealth-login-page. The word customizable is missing an “a”.

Thanks for the head’s up and the information.

2.1.1 is live. Please update immediately.

Tally-ho! Redirection is working well!

But hey. In the options page, I checked the box to send URL to admin’s email. In the email it came through with this convention:

https://www.clientdomain.com/wp-login.php?Q=A?Q=A

Where “Q” is my secret Question and “A” is my secret Answer.

thanks for the quick work!

all best,
G

Personally, I like the redirect on logout because I just use the site’s homepage as redirect URL.

But I can see how if somebody wanted to redirect to good ol’ rick you might not want to rick roll a valid user logging out…

heheheh.

G

Thanks for pointing out that URL. It was using an old convention:

wp_login_url() . ‘?’ . $slp_options[‘question’] . ‘=’ . $slp_options[‘answer’] )

I’ve replaced the wp_login_url() with the new URL so it was thus repeating it. I’m going to fix that as I type.

I’m not going to rev the plugin for this change, so here is what I edited in /includes/settings-page.php Line 8… grab the whole thing and replace the entire function.

add_action( 'admin_init', 'slp_email_admin' );
function slp_email_admin() {
	global $slp_options, $custom_url;
	if ( isset( $slp_options['enable'] ) && $slp_options['question'] && $slp_options['answer']  && isset ( $_POST['email-admin'] ) && current_user_can( 'manage_options' ) ) {
		$to = get_bloginfo( 'admin_email' );
		$subject = sprintf( __( 'Custom login URL for %s', 'stealth-login-page' ), get_bloginfo( 'name' ) );
		$message = sprintf( __( 'Your custom login URL for %1$s is %2$s', 'stealth-login-page' ), get_bloginfo( 'name' ), $custom_url;
		wp_mail( $to, $subject, $message );
	}
}

Actually, this

add_action( 'admin_init', 'slp_email_admin' );
function slp_email_admin() {
	global $slp_options, $custom_url;
	if ( isset( $slp_options['enable'] ) && $slp_options['question'] && $slp_options['answer']  && isset ( $_POST['email-admin'] ) && current_user_can( 'manage_options' ) ) {
		$to = get_bloginfo( 'admin_email' );
		$subject = sprintf( __( 'Custom login URL for %s', 'stealth-login-page' ), get_bloginfo( 'name' ) );
		$message = sprintf( __( 'Your custom login URL for %1$s is %2$s', 'stealth-login-page' ), get_bloginfo( 'name' ), $custom_url );
		wp_mail( $to, $subject, $message );
	}
}

Great!

I commented out everything after “wp-login.php” when setting $custom_url_ending in plugin.php

$custom_url_ending = "wp-login.php";//?" . $slp_options['question'] . '=' . $slp_options['answer'];

And it seemed to work better for me. Not sure why.

-Greg

p.s. I guess I don’t know how to get my code to display here in a nice scrollable box. huh.

Well, if you do that, then your WP login/out URL is going to return to /wp-login.php with nothing after it and be redirected and it makes the entire function above that (the reason for 2.1.0) non-functioning. Same-same. The function is negated when you do that.

Translated:

$old  = array( "/(wp-login\.php)/");
    $new  = array( "wp-login.php" );

See the box below the editor box with instructions on code? Or that little code button above this box as you type a reply to me?

I liked this plugin, but it needs some improvements.
It does not work with other actions in wp-login, like register and lostpassword for example.

2.1.0 did fix the lost password link and anyone allowing registrations from the base login screen can skip this plugin, as it’s not in the best interest of site security. That will not be addressed by any changes in the future.

2.1.0
Corrected the logout link in the dashboard and the lost password link on the login page.

Hi Jesse,

Installed v2.1.2, and I still get attackes (2 min intervals). I myself cannot access my website login page, how do “they” find it?

I also never received the email with question and answer as per suggested by checking the box.

Can you help? Anything I missed?

Regards,

Andre