Forum Replies Created

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • October 13, 2015 at 11:33 pm in reply to: Login url reveiled after try to acces wp-login.php #5079
    Ar
    Active
    Post count: 12

    After looking everywhere for a solution i found a fix , for anyone under attack and reading this and (like me) has no time to wait for support to wake up:

    1) install 404 page plugin (safe link) this plugin.

    2) After that assign this to a specific page you want as a 404 page by visiting settings-> 404 page

    Hit save (even when the page is showing there!)

    3) Go to HMWP settings and set 404 page to ” Use default 404 page from theme” option. (Dont change wp-login.php now, first hit save)

    Hit save

    4) IMPORTANT: after step 1, 2 and 3 now you can (must) rename the wp-login.php in HMWP settings (in order HMWP to rewrite htaccess rules)

    Hit save

    5) test your site http://www.siteadress.com/wp-login.php and check if this get redirected the right way. Check if the the query params are not send now. So the “hidden” login stays “hidden”

    @HMWP support : recreate the custom 404 page function like the handler of the 404 plugin does and this is solved.

    This also seems to solve conflicts with Ithemes security plugin which also works perfect now

    • This reply was modified 9 years, 3 months ago by Ar.
    • This reply was modified 9 years, 3 months ago by Ar.
    October 13, 2015 at 10:48 pm in reply to: Bug URL login, please help me to fix this problem. #5078
    Ar
    Active
    Post count: 12

    Is this fixed yet???

    “Okay, so you are concerned about the login secret (key-login=1234). You don’t want this to be shown in the redirect URL after someone looks for domain.com/wp-login.php, right? We’ll further look into this and let you know.”

    Isn’t it the overal goal to hide it ?

    October 13, 2015 at 9:14 pm in reply to: Login url reveiled after try to acces wp-login.php #5077
    Ar
    Active
    Post count: 12

    As i see other users are also mention this :

    in forum Hide My WP

    DuncanMac
    Member
    OK – here is the situation:
    Hide Login Page checked
    Login Query set
    Admin Login Key set
    All are set correctly.

    try wp-login.php without the query params – get 404 page (this is goodness)
    However, the TITLE of the 404 page contains all the query information needed (this is SEVERE BADNESS). Also, when you hover over the tab in the browser, the title is displayed, showing the query params.

    This is not good for security – the title should not contain the query params.

    October 13, 2015 at 9:11 pm in reply to: Login url reveiled after try to acces wp-login.php #5076
    Ar
    Active
    Post count: 12

    The hacker only has to change the “&” to “?” in the url and they can access the login form

    October 13, 2015 at 9:09 pm in reply to: Login url reveiled after try to acces wp-login.php #5075
    Ar
    Active
    Post count: 12

    As the attacks are ongoing now we need asap support please

    September 3, 2015 at 5:43 pm in reply to: Theme content / Yoast plugin showing in source code #4437
    Ar
    Active
    Post count: 12

    Happy all is solved 🙂

    September 3, 2015 at 10:55 am in reply to: Theme content / Yoast plugin showing in source code #4421
    Ar
    Active
    Post count: 12
    This reply has been marked as private.
  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)