mwarbinek

Welcome, that is what a guinea pig is for ??

I just finished posting in their help forum for that plugin.

Thanks
Mark

Ok, your right. I should have thought of that before posting.

The plugin that conflicts with your “rename login” is:

“WPtouch Mobile Plugin”

Sad, because that plugin allows people to view my blog from a cell phone.

Oh well, I will let them know and in the mean time find something else to use.

Now that I deactivated the “WPtouch Mobile Plugin” I get an error page that says I have to be logged into admin to access that php file. That is good. No more redirects to my login page.

Of course, I will keep you up to date on new hack attempts, after all I am the official guinea pig now.

??

Mark

Thanks

Here again is the problem.

When a hacker types in the URL like this:
“https://(sitename.com)/WordPress/wp-admin/edit-comments.php”,

WordPress redirects him to my login page and the URL redirect looks like this:
“https://(sitename.com)/(my renamed login name)/?redirect_to=http%3A%2F%2F(sitename.com)%2FWordPress%2Fwp-admin%2Fedit-comments.php&reauth=1”

It appears to resolve this, maybe change the redirect URL to somewhere else or change the “reauth=1” to another authorization code number so the hacker does not get the login page?

Anyone have ideas?
(PS I am not fully versed in PHP so this is why I am asking here)

Does anyone have an answer to this issue?

I am still getting hackers to my login page with this problem.

No problem, my fault, should have clarified that at first, did not notice.

PS: I donated 20 GBP to your plugin via PayPal.

Nice work, eliminates the repeated hassle of IP blocking. Please keep the plugin going.

No, not for you to add it to the plugin, for others to do that work themselves if they choose and it does not require any personal mods to your plugin. I did my own work since I get a lot of hacker attempts.

Oh yes, I suggest to get a plugin to hide the Meta Link > “wp-login” on the front of your Word Press blog.

Yes, rename-login eliminates the value of that link, but to make it harder for hackers to access the login page, I used a plugin to hide the front-end Meta link since WordPress developers still have decided to block our admin access to those links.

Janneke, Oh your the bad guy eh?

Yea, I know it does not work, thought it did until I used a full URL to access the login page. It worked for a short URL (without the https://www.) but the moment the URL was full, it failed too.

Nope, the idea did not work. Had to do with how the website is accessed and redirected when using “www” versus no “www”.

I wait for the fix ??

Ok, the root access “www.etc” bypasses everything, even the fake login pages. It only works when the url is without the www.

I have an idea to work with, I will test that and see. Be back soon.

Let go back now and reinstall the fake Login pages and see if the www root is blocked.

Moment…

OK, here it is, another glitch.

Here is my URL:
https://www.mormondirection.com

If you use the full URL – “www.etc”, it will bypass the plugin.

If you use a short URL version removing the “www” the plugin works.

Go to “www.mormondirection.com/wp-content/uploads/2013/12/wp-login.php” , you will access the login and see my renamed login page name.

Then go to “mormondirection.com/wp-content/uploads/2013/12/wp-login.php ” (remove the www) and you get the 404 page.

I will wait here for your experience in this….

Ok, give me a couple of minutes, I will post the OK momentarily. Do not worry about the rename I did, I can always rename it again.

Moment…….

In the URL field box, it showed my renamed login page, not the r. egular “wp-login.php” name. So the bypass method took the hacker to my renamed login page.

Yes, it gives a 404 now because I fixed it as described. Want me to delete a fake login page to try it again?

Update >> Remember to make a new name for your login page since the bypass revealed the recent one so the hacker has the renamed login url.