Hello,
I am currently finalising a WordPress site that doesnt have a domain pointed to it, I am accessing it via a modified HOSTS file on my computer. I’ve installed your HMWP plugin and Im looking for some clarification on the expected behaviour of the “Hide Login Page” and “Change Login URL” features.
Hide Login Page:
In a default WP install you login via wp-login.php. If I enable the hide login page feature using a QUERY value of secret-key and a KEY of pass the login link will be wp-login.php?secret-key=pass.
On my WP site, members are allowed to comment on blog posts, if I were to follow a login link from the comment section of a blog post it shows the Query/Key that I set in HMWP in the link – thus making it visible to the public (and thus pointless).
Is this the expected behaviour? Is this feature not worth using if you intend to have members comment on posts since your not really hiding the secret login URL?
—
Change Login URL:
I’m logged into the backend of my WP site via Microsoft Edge, Im viewing the front-end of the website via Firefox (not logged in) so I can constantly clear-cache/refresh the front-end after every tweak in HMWP to make sure nothing breaks.
As a test, I set the Change Login URL to /login. I then checked the front-end login link (in the comments section of a blog post) and the link was showing http://example-domain.com/login?redirect_to=http://example-domain.com/link-to-example-post. Upon clicking the link to login I get a 404 Error – upon looking at the source code I noticed it was the 404 page from the current-non-WP-website that the domain currently points to (remember Im using HOSTS file to access WP site).
So with the Hide Login Page & Change Login URL features disabled I can login fine, but when I enable them I get a 404 instead of the login page. Im assuming that this is happening due to a combination of me accessing the WP site via a modified HOSTS file and the .htaccess modifications these features add – am I right?
Regards
.
