• @unicorn03 @erku (I included the tags because Andrea had said they had no notifications. Let me know if that irritates anyone).

    I just put this plugin on ALL my sites haha.

    I have a couple of sites that can only be viewed fully when logged in, so anyone who visits the domain is immediately redirected to a login page.

    On those sites ONLY the X-frames-Options header is working with the plugin.

    Does this mean the plugin isn’t working on login pages?

    Or… Maybe there is no problem at all and I just need more education about security headers and how they work. ??

    Is this something that needs to be fixed? Or only my brain needs to be fixed?

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter thirstyjon

    (@thirstyjon)

    Actually, I just noticed on the site I used as an example that not even the X-Frame-Options is working.

    On my other two sites like that the X-Frame-Options IS working, but not the other headers.

    worldwideawakening.net is hosted on a free non-profit version of Dreamhost’s hosting, so I don’t know if that is a contributing issue.

    But I mostly just want to know in general should the plugin be working when the site redirects all visitors to login, and if it should be working why isn’t it.

    Plugin Contributor Rimas

    (@erku)

    The headers are added using the wp_headers hook. I can only guess that that hook is not used by the login page. Are there any other hooks or filters we could use instead? Probably, but I don’t know (I’m not actually a fan of WordPress programming, so it’s no wonder I don’t know their API).

    If you check your wp-login.php on other websites using the SecurityHeaders service, you’ll likely notice the same symptom. At least that’s what happens when I check my wp-login.php: I’m getting a D rating here instead of A+ like I do with the homepage.

    Let’s hope Andrea will take a deeper look. ??

    • This reply was modified 1 year, 10 months ago by Rimas.
    Thread Starter thirstyjon

    (@thirstyjon)

    @erku

    ??

    I look forward to hearing what Andrea @unicorn03 has to say.

    • This reply was modified 1 year, 10 months ago by thirstyjon.
    Plugin Author Andrea Ferro

    (@unicorn03)

    Hi @thirstyjon , thanks for this new topic and for helping to improve the plugin. I am currently checking your issue and will get back to you as soon as possible.

    Thread Starter thirstyjon

    (@thirstyjon)

    Thanks Andrea @unicorn03

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Plugin Possibly Does Not Fully Work On Login Pages…’ is closed to new replies.