[Plugin: Lockdown WP Admin] Purpose?

Well it has two main features.

1. It hides /wp-admin/ from those that aren’t logged in. Instead of just moving wp-admin like many people want to do but that requires modifing core code. I’m not saying it’s supported, but you could also rename wp-login.php to lets say login-page.php, it isn’t supported but I have renamed it and then used other hooks to change the links to wp-login.php.

2. It provides HTTP auth. Many people have problems with this because it’s too hard to understand or implement. I made it simple but adding HTTP auth using PHP. It allows you to add HTTP auth using your WordPress credentials or another set of username/passwords to have a double level security. I use this on a news blog site of mine with many different reporters adding content. We had an outbreak where one password for a user was bruteforced, so we added this. Now, they have to have two sets of username and passwords to get into /wp-admin/.

Hi Sean!

I downloaded the Lockdown plugin and i got locked out!

How can I reconnect to my .php files? I tried to use WP auth method.

Please advice!

Best Regards
Thomas

Hi!

When you set it up, did you try to use the WordPress credentials method? If you did, just login with your WordPress credentials (username only I believe and your password).

Hi. I am running WP 3.0.4 and I just installed this plugin and enabled using WP login credentials. I am now seeing blank white pages.

My php error logs show the following error:

PHP Fatal error: Call to undefined function get_user_id_from_string() …/wp-content/plugins/lockdown-wp-admin/lockdown-wp-admin.php on line 308

I’ve had to disable the plugin via the database to get back into my admin page.

Any idea whats going on?

Ahhh, this is a bug within the plugin.

It was calling on a function that is really WP-MS only. I have fixed it and just pushed out a bug fix.

It should be in your WordPress update soon enough.

Hi Sean – installed your plug-in. Sounded good.

However, It would not let me change the location of the wp-login.php. For example, let’s say I put in “rocket” in the blank field (where you used “login” as an example), it switched the word I put in to “base”. This happened no matter what I tried.

Also, I set HTTP access to use WordPress credentials and now it won’t let me login. I get past my normal login page but then get your screen pop-up that never goes away and never lets me login and if I click cancel it just says Authentication required.

I cannot access anything at this point. A real bummer. Any ideas how I can uninstall of fix this problem? ??

@dakasky What setup do you have, e.g. server/hosting/hosting company/etc?

If you can’t login, just delete the /wp-content/plugins/lockdown-wp-admin until I get a fix out.

Thanks for the reply. Latest version of WP with Jetpack using 1and1 shared hosting. Yeah figured out to delete that to get back in. Was running a few other plugins. Login Lockdown and SI Captcha. Maybe Login Lockdown conflicted with your plugin? It conflicted with SI Captcha so I disabled it. Lemme know what you figure out on both issues. ?? it would be nice to use your plugin. I won’t give a rating until later.

This is very strange.. I’ll investigate a bit more. There’s no reason either of those plugins should affect the renaming of the login URL.

I just pushed an update to 1.4. It has some bug fixes in it that might fix it, but it might not. We’ll have to see.

Appreciate the effort. I reinstalled and immediately it pops up wanting the password prompted by your plugin. I had set it for the same as my WordPress creds, and it still doesn’t work. So, apparently it modified some other files in the prior install, which must be where the issue resides. I wish I could just get my WP install back to the same as before your plugin at this point, and remove your code from any modified files, so it doesn’t cause any other issues. I deleted your plugin folder, of course, like before, and was able to get out of the endless password request loop.

Really having doubts about something that is related to my password at this point. Only plug ins when this first happened are Akismet, EZPZ One Click Backup, Hello Dolly, Jetpack by WordPress.com, SI CAPTCHA Anti-Spam, WordPress Importer, and that other one I removed… Login Lockdown.

Again, I appreciate your effort. You know I have seen several plugins have problems with Jetpack. FYI – running latest versions of everything. ?? Got any solutions?

Well maybe it might be a plugin, but i’d love to check this out on a per site basis. And to get into your site when the plugin is active at this point, you have to remove an option (and that can only be done from the DB). If you’d like, you can email me at [email protected] and I can try and figure out what’s up with your site. Just a little FTP should do :p

The plugin doesn’t modify core WP files. ??

Thanks for the offer Sean, but I don’t feel comfortable letting someone I don’t know FTP into my site. ?? So, that being said. After I delete the folder for your plugin, are there any remnants that remain elsewhere that I need to find and delete? Thanks again for you efforts and good luck.

@sean Same thing with @dakasky, the location of wp-login can’t be changed, it will be reverted to ‘base’. ??

Bah!! I hope these issues get fixed because the concept is a good one. Looking at other security plugins as we speak. ??