Lockdown WP Admin - Version 1.3.1

Version Description

  • Added the ability to change the login URL entirely. It will disable /wp-login.php and give it whatever you want to make it.
Download this release

Release Info

Developer sean212
Plugin Icon wp plugin Lockdown WP Admin
Version 1.3.1
Comparing to
See all releases

Code changes from version 1.3 to 1.3.1

Files changed (3) hide show
  1. admin.php +7 -1
  2. lockdown-wp-admin.php +17 -3
  3. readme.txt +2 -2
admin.php CHANGED
@@ -3,7 +3,13 @@
3
 
4
  <?php if ( defined('LD_WP_ADMIN') && LD_WP_ADMIN == TRUE ) { ?>
5
  <div class="updated fade"><p>Options updated!</p></div>
6
- <?php } ?>
 
 
 
 
 
 
7
 
8
  <p>We are going to help make WordPress a bit more secure.</p>
9
 
3
 
4
  <?php if ( defined('LD_WP_ADMIN') && LD_WP_ADMIN == TRUE ) { ?>
5
  <div class="updated fade"><p>Options updated!</p></div>
6
+ <?php }
7
+ if ( defined('LD_DIS_BASE') && LD_DIS_BASE == TRUE )
8
+ {
9
+ ?><div class="updated fade"><p>You can't make that your URL Base!
10
+ </p></div><?php
11
+ }
12
+ ?>
13
 
14
  <p>We are going to help make WordPress a bit more secure.</p>
15
 
lockdown-wp-admin.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Lockdown WordPress Admin
4
  Plugin URI: http://talkingwithsean.com/2011/01/lockdown-wp-admin/
5
  Description: Securing the WordPress Administration interface.
6
- Version: 1.3
7
  Author: Sean Fisher
8
  Author URI: http://talkingwithsean.com/
9
  License: GPL v3
@@ -183,8 +183,22 @@ class WP_LockAuth {
183
 
184
  if ( isset( $_POST['login_base'] ) )
185
  {
186
- update_option('ld_login_base', sanitize_title_with_dashes( $_POST['login_base']));
187
- $this->login_base = sanitize_title_with_dashes ( $_POST['login_base'] );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
188
  }
189
 
190
  // Redirect
3
  Plugin Name: Lockdown WordPress Admin
4
  Plugin URI: http://talkingwithsean.com/2011/01/lockdown-wp-admin/
5
  Description: Securing the WordPress Administration interface.
6
+ Version: 1.3.1
7
  Author: Sean Fisher
8
  Author URI: http://talkingwithsean.com/
9
  License: GPL v3
183
 
184
  if ( isset( $_POST['login_base'] ) )
185
  {
186
+ $base = sanitize_title_with_dashes( $_POST['login_base']);
187
+ $base = str_replace('/', '', $base);
188
+
189
+ $disallowed = array(
190
+ 'user', 'wp-admin', 'wp-content', 'wp-includes', 'wp-feed.php', 'index', 'feed', 'rss', 'robots', 'robots.txt'
191
+ );
192
+ if ( in_array( $base, $disallowed ) )
193
+ {
194
+ define('LD_DIS_BASE', TRUE);
195
+ }
196
+ else
197
+ {
198
+
199
+ update_option('ld_login_base', $base);
200
+ $this->login_base = sanitize_title_with_dashes ( $base );\
201
+ }
202
  }
203
 
204
  // Redirect
readme.txt CHANGED
@@ -5,7 +5,7 @@ Link: http://talkingwithsean.com/2011/01/lockdown-wp-admin/
5
  Tags: security, wp-admin, http auth, 404, lockdown, talkingwithsean, secure
6
  Requires at least: 3.0
7
  Tested up to: 3.2
8
- Stable tag: 1.3
9
 
10
  This plugin will hide /wp-admin/ when you aren't logged in. If a user isn't logged in and they attempt to access /wp-admin/ directly, they will be unable to and it will return a 404.
11
 
@@ -51,5 +51,5 @@ None yet.
51
  * Cleaned up more code.
52
  * Security fixes that will prevent somebody from possibly hijacking your website. (Props Jon Cave)
53
 
54
- = 1.3 =
55
  * Added the ability to change the login URL entirely. It will disable /wp-login.php and give it whatever you want to make it.
5
  Tags: security, wp-admin, http auth, 404, lockdown, talkingwithsean, secure
6
  Requires at least: 3.0
7
  Tested up to: 3.2
8
+ Stable tag: 1.3.1
9
 
10
  This plugin will hide /wp-admin/ when you aren't logged in. If a user isn't logged in and they attempt to access /wp-admin/ directly, they will be unable to and it will return a 404.
11
 
51
  * Cleaned up more code.
52
  * Security fixes that will prevent somebody from possibly hijacking your website. (Props Jon Cave)
53
 
54
+ = 1.3.1 =
55
  * Added the ability to change the login URL entirely. It will disable /wp-login.php and give it whatever you want to make it.