Problems when renaming login page
-
There seems to be an incompatibility that was not present in the old Active Directory Integration plugin. If you use another plugin that changes the default WordPress login page to something else, NADI will simply be bypassed. For example, using “All In One WP Security” you can change your login page to a different one in the “Brute Force” section of their plugin:
Enable Rename Login Page Feature:
Check this if you want to enable the rename login page feature
Login Page URL: https://example.com
my_new_login
Enter a string which will represent your secure login page slug. You are enouraged to choose something which is hard to guess and only you will remember.If I enable this feature, NADI is basically bypassed. I *think* this may be because of /classes/Adi/Init.php:
public function isOnLoginPage() { $r = false; $page = $_SERVER['PHP_SELF']; $required = "wp-login.php"; $isOnWpLogin = substr($page, -strlen($required)) == $required; $isOnXmlRpc = strpos($page, 'xmlrpc.php') !== false; if ($isOnWpLogin || $isOnXmlRpc) { $r = true; } $r = apply_filters(NEXT_AD_INT_PREFIX . 'auth_enable_login_check', $r); return $r; } }
This seems to literally grep the current URL for “wp-login.php” to determine if it’s on the login page. This worked fine in the old ADI but not in NADI. I think some of us like to obscure their login page a bit and it would be nice if this regression could be fixed.
- The topic ‘Problems when renaming login page’ is closed to new replies.