Lockdown WP Admin - Version 1.3

Version Description

  • Added the ability to change the login URL entirely. This disables /wp-login.php and serves the login page at whatever path you choose.

Release Info

Developer sean212
Plugin Icon wp plugin Lockdown WP Admin
Version 1.3

Code changes from version 1.2 to 1.3

Files changed (3) hide show
  1. admin.php +12 -0
  2. lockdown-wp-admin.php +70 -1
  3. readme.txt +5 -2
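--- a/admin.php
+++ b/admin.php
@@ -21,6 +21,18 @@
 
  <label><input type="checkbox" name="hide_wp_admin" value="yep" <?php if ( get_option('ld_hide_wp_admin') === 'yep' ) { ?> checked <?php } ?>> Yes, please hide WP Admin from the user when they aren't logged in.</label>
 
+ <br /><br />
+ <label> Change the WordPress Login URL? <?php echo wp_guess_url().'/'; ?><input type="text" name="login_base" value="<?php echo $this->login_base; ?>" /><br />
+ <em>This will change it from <?php echo wp_guess_url(); ?>/wp-login.php to whatever you put in this box. If you leave it <strong>black</strong>, it will be disabled.<br />
+ Say if you put "login" into the box, your new login URL will be <?php echo wp_guess_url(); ?>/login/.</em></label>
+
+ <?php
+ global $auth_obj;
+ $url = wp_guess_url() . '/'. $this->login_base;
+ ?>
+ <p>Your current login URL is <code><a href="<?php echo $url; ?>"><?php echo $url; ?></a></code>.</p>
+
+
  <h3>HTTP Authentication</h3>
  <p>Please read about HTTP Authentication on <a href="http://en.wikipedia.org/wiki/Basic_access_authentication">http://en.wikipedia.org/wiki/Basic_access_authentication</a>.</p>
 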
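Review bot: The new login-URL field prints `$this->login_base` into the `value` attribute and `$url` into both the `href` and the link text without any output escaping. `login_base` does go through `sanitize_title_with_dashes()` when it is saved, but `wp_guess_url()` can build its result from the request's Host header when `WP_SITEURL` is not defined, so neither value should be echoed as-is; use `esc_attr( $this->login_base )` for the attribute and `esc_url( $url )` for the link. `global $auth_obj;` is declared but never used in the added lines, and the help text says "leave it black" where "blank" is meant.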
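--- a/lockdown-wp-admin.php
+++ b/lockdown-wp-admin.php
@@ -3,7 +3,7 @@
  Plugin Name: Lockdown WordPress Admin
  Plugin URI: http://talkingwithsean.com/2011/01/lockdown-wp-admin/
  Description: Securing the WordPress Administration interface.
- Version: 1.2
+ Version: 1.3
  Author: Sean Fisher
  Author URI: http://talkingwithsean.com/
  License: GPL v3
@@ -37,6 +37,13 @@ class WP_LockAuth {
  **/
  private $current_user = FALSE;
 
+ /**
+ * The base to get the login url
+ *
+ * @access private
+ **/
+ private $login_base = FALSE;
+
  function WP_LockAuth()
  {
  // We don't like adding network wide WordPress plugins.
@@ -48,6 +55,9 @@ class WP_LockAuth {
  // Setup the plugin.
  $this->setup_hide_admin();
 
+ // Hide the login form
+ $this->redo_login_form();
+
  // We no longer update the options here, but rather when we call on the callback function from the menu.
  // More secure.
  }
@@ -171,6 +181,12 @@ class WP_LockAuth {
  update_option('ld_hide_wp_admin', 'nope');
  }
 
+ if ( isset( $_POST['login_base'] ) )
+ {
+ update_option('ld_login_base', sanitize_title_with_dashes( $_POST['login_base']));
+ $this->login_base = sanitize_title_with_dashes ( $_POST['login_base'] );
+ }
+
  // Redirect
  define('LD_WP_ADMIN', TRUE);
  return;
@@ -465,6 +481,59 @@ class WP_LockAuth {
  $private_users = $this->get_private_users();
  require_once( dirname( __FILE__ ) . '/admin-private-users.php' );
  }
+
+ /**
+ * Rename the login URL
+ *
+ * @access public
+ **/
+ public function redo_login_form()
+ {
+ $login_base = get_option('ld_login_base');
+
+ // It's not enabled.
+ if ( $login_base == NULL || !$login_base || $login_base == '' )
+ return;
+
+ $this->login_base = $login_base;
+ unset( $login_base );
+
+ // Setup the filters for the new login form
+ add_filter('wp_redirect', array( &$this, 'filter_wp_login'));
+ add_filter('network_site_url', array( &$this, 'filter_wp_login'));
+ add_filter('site_url', array( &$this, 'filter_wp_login'));
+
+ // The request URL
+ $url = str_replace('/', '', $_SERVER['REQUEST_URI'] );;
+
+ list( $base, $query ) = explode( '?', $url, 2 );
+
+ // Are they visiting wp-login.php?
+ if ( $base == 'wp-login.php')
+ {
+ status_header(404);
+ require( get_404_template() );
+
+ exit;
+ }
+
+ // Is this the "login" url?
+ if ( $base !== $this->login_base )
+ return FALSE;
+
+ include ABSPATH . "/wp-login.php";
+ exit;
+ }
+
+ /**
+ * Filters out wp-login to whatever they named it
+ *
+ * @access public
+ **/
+ public function filter_wp_login( $str )
+ {
+ return str_replace('wp-login.php', $this->login_base, $str);
+ }
  }
 
  /**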
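Review bot: In `redo_login_form()` the branch that 404s the old login page compares the raw `REQUEST_URI`, with every `/` stripped, against the literal `wp-login.php`, so it only fires when the request is spelled exactly that way. A site installed in a subdirectory, or any other form of the request that the web server still resolves to the same script, is not matched, and the original login page stays reachable even though the admin believes it is disabled. Testing which script is actually executing would be sturdier, for example `if ( basename( $_SERVER['SCRIPT_NAME'] ) === 'wp-login.php' )`, and the custom-URL match is better done on a parsed path than on a slash-stripped string. Separately, `list( $base, $query ) = explode( '?', $url, 2 );` raises an undefined-offset notice when the request has no query string and `$query` is never used; `$base = strtok( $url, '?' );` avoids both.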
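--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Link: http://talkingwithsean.com/2011/01/lockdown-wp-admin/
  Tags: security, wp-admin, http auth, 404, lockdown, talkingwithsean, secure
  Requires at least: 3.0
  Tested up to: 3.2
- Stable tag: 1.2
+ Stable tag: 1.3
 
  This plugin will hide /wp-admin/ when you aren't logged in. If a user isn't logged in and they attempt to access /wp-admin/ directly, they will be unable to and it will return a 404.
 
@@ -49,4 +49,7 @@ None yet.
 
  = 1.2 =
  * Cleaned up more code.
- * Security fixes that will prevent somebody from possibly hijacking your website. (Props Jon Cave)
+ * Security fixes that will prevent somebody from possibly hijacking your website. (Props Jon Cave)
+
+ = 1.3 =
+ * Added the ability to change the login URL entirely. It will disable /wp-login.php and give it whatever you want to make it.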