Lockdown WP Admin - Version 2.0.2

Version Description

Query string detection bug fix by James Bonham
Issues with WordPress in a sub-directory

Release Info

Developer	sean212
Plugin	Lockdown WP Admin
Version	2.0.2
Comparing to
See all releases

Code changes from version 2.0.1 to 2.0.2

Files changed (5) hide show

README.md +4 -1
admin.php +2 -2
lockdown-wp-admin.php +70 -57
no-wpmu.php +3 -3
readme.txt +6 -2

README.md CHANGED Viewed

	@@ -87,5 +87,8 @@ A very late update, sorry! Worked to fix many issues with the admin bar and the
87	* Cleanup, cleanup!
88
89	2.0.1

90
91	- ~~Tiny bug fix~~.


87	* Cleanup, cleanup!
88
89	2.0.1
90	+ * Bug fix by [Michal Krause](https://github.com/michal-krause)
91
92	+ 2.0.2
93	+ * Query string detection bug fix by [James Bonham](http://wordpress.org/support/profile/jamesbonham)
94	+ * Issues with WordPress in a sub-directory

admin.php CHANGED Viewed

	@@ -33,10 +33,10 @@ if ( defined('LD_DIS_BASE') && LD_DIS_BASE == TRUE ) : ?>
33	<input type="text" name="login_base" value="<?php echo $this->login_base; ?>" />
34	<br />
35	<em>This will change it from <?php echo wp_guess_url(); ?>/wp-login.php to whatever you put in this box. If you leave it <strong>black</strong>, it will be disabled.<br />
36	- Say if you put "login" into the box, your new login URL will be <?php echo ~~wp_guess_url~~(); ?>/login/.</em></label>
37	<?php
38	global $auth_obj;
39	- $url = ~~wp_guess_url~~() . '/'. $this->login_base;
40	?>
41	<p>Your current login URL is <code><a href="<?php echo $url; ?>"><?php echo $url; ?></a></code>.</p>
42	<blockquote>


33	<input type="text" name="login_base" value="<?php echo $this->login_base; ?>" />
34	<br />
35	<em>This will change it from <?php echo wp_guess_url(); ?>/wp-login.php to whatever you put in this box. If you leave it <strong>black</strong>, it will be disabled.<br />
36	+ Say if you put "login" into the box, your new login URL will be <?php echo home_url(); ?>/login/.</em></label>
37	<?php
38	global $auth_obj;
39	+ $url = home_url() . '/'. $this->login_base;
40	?>
41	<p>Your current login URL is <code><a href="<?php echo $url; ?>"><?php echo $url; ?></a></code>.</p>
42	<blockquote>

lockdown-wp-admin.php CHANGED Viewed

	@@ -4,7 +4,7 @@ Plugin Name: Lockdown WP Admin
4	Plugin URI: http://seanfisher.co/lockdown-wp-admin/
5	Donate link: http://seanfisher.co/donate/
6	Description: Securing the WordPress Administration interface by concealing the administration dashboard and changing the login page URL.
7	- Version: 2.0.1
8	Author: Sean Fisher
9	Author URI: http://seanfisher.co/
10	License: GPL
	@@ -17,7 +17,7 @@ define('LD_FILE_NAME', __FILE__ );
17	* This is the plugin that will add security to our site
18	*
19	* @author Sean Fisher <me@seanfisher.co>
20	- * @version 1.9
21	* @license GPL
22	**/
23	class WP_LockAuth
	@@ -28,7 +28,7 @@ class WP_LockAuth
28	* @global string
29	* @access private
30	**/
31	- ~~private~~ $ld_admin_version = 2.0;
32
33	/**
34	* The HTTP Auth name for the protected area
	@@ -44,14 +44,14 @@ class WP_LockAuth
44	*
45	* @access private
46	**/
47	- ~~private~~ $current_user = FALSE;
48
49	/**
50	* The base to get the login url
51	*
52	* @access private
53	**/
54	- ~~private~~ $login_base = FALSE;
55
56	public function __construct()
57	{
	@@ -77,8 +77,7 @@ class WP_LockAuth
77	public function get_http_auth_creds()
78	{
79	// Since PHP saves the HTTP Password in a bunch of places, we have to be able to test for all of them
80	- $username = NULL;
81	- $password = NULL;
82
83	// mod_php
84	if (isset($_SERVER['PHP_AUTH_USER']))
	@@ -152,7 +151,7 @@ class WP_LockAuth
152	// Deleting a user.
153	if ( isset( $_GET['delete'] ) )
154	{
155	- // Delete the user.
156	unset( $users );
157	$users = $this->get_private_users();
158	$to_delete = (int) $_GET['delete'];
	@@ -164,7 +163,7 @@ class WP_LockAuth
164	if ( $key === $to_delete ) :
165	if( $this->current_user !== '' && $to_delete === $this->current_user )
166	{
167	- // They can't delete themselves!
168	define('LD_ERROR', 'delete-self');
169	return;
170	}
	@@ -197,14 +196,14 @@ class WP_LockAuth
197	if ( !isset( $_POST['did_update'] ) )
198	return;
199
200	- // Nonce
201	$nonce = $_POST['_wpnonce'];
202	if (! wp_verify_nonce($nonce, 'lockdown-wp-admin') )
203	wp_die('Security error, please try again.');
204
205	- // ---------------------------------------------------
206	- // They're updating.
207	- // ---------------------------------------------------
208	if ( isset( $_POST['http_auth'] ) )
209	update_option('ld_http_auth', trim( strtolower( $_POST['http_auth'] ) ) );
210	else
	@@ -244,7 +243,7 @@ class WP_LockAuth
244	}
245	}
246
247	- // Redirect
248	define('LD_WP_ADMIN', TRUE);
249	return;
250	}
	@@ -258,7 +257,7 @@ class WP_LockAuth
258	**/
259	private function inauth_headers()
260	{
261	- // Disable if there is a text file there.
262	if ( file_exists(dirname(__FILE__).DIRECTORY_SEPARATOR.'disable_auth.txt'))
263	return;
264
	@@ -291,7 +290,7 @@ class WP_LockAuth
291	{
292	$opt = get_option('ld_hide_wp_admin');
293
294	- // Nope, they didn't enable it.
295	if ( $opt !== 'yep' )
296	return $this->setup_http_area();
297
	@@ -299,7 +298,10 @@ class WP_LockAuth
299	$no_check_files = array('async-upload.php', 'admin-ajax.php', 'wp-app.php');
300	$no_check_files = apply_filters('no_check_files', $no_check_files);
301
302	- $~~explode~~ = ~~explode~~(~~'/',~~ $_SERVER['SCRIPT_FILENAME'] );



303	$file = end( $explode );
304
305	if ( in_array( $file, $no_check_files ) )
	@@ -307,6 +309,13 @@ class WP_LockAuth
307	define('INTERNAL_AUTH_PASSED', TRUE);
308	return;
309	}







310
311	// We only will hide it if we are in admin (/wp-admin/)
312	if ( is_admin() )
	@@ -327,11 +336,14 @@ class WP_LockAuth
327	**/
328	public function get_file()
329	{
330	- // We're gonna hide it.
331	$no_check_files = array('async-upload.php');
332	$no_check_files = apply_filters('no_check_files', $no_check_files);
333
334	- $~~explode~~ = ~~explode~~(~~'/',~~ $_SERVER['SCRIPT_FILENAME'] );



335	return end( $explode );
336	}
337
	@@ -344,53 +356,53 @@ class WP_LockAuth
344	**/
345	protected function setup_http_area()
346	{
347	- // We save what type of auth we're doing here.
348	$opt = get_option('ld_http_auth');
349
350	// What type of auth are we doing?
351	switch( $opt )
352	{
353	- // HTTP auth is going to ask for their WordPress creds.
354	case 'wp_creds' :
355	$creds = $this->get_http_auth_creds();
356	if (! $creds )
357	$this->inauth_headers(); // Invalid credentials
358
359	- // Are they already logged in as this?
360	$current_uid = get_current_user_id();
361
362	- // We fixed this for use with non WP-MS sites
363	$requested_user = get_user_by('login', $creds['username']);
364
365	- // Not a valid user.
366	if (! $requested_user )
367	$this->inauth_headers();
368
369	- // The correct User ID.
370	$requested_uid = (int) $requested_user->ID;
371
372	- // Already logged in?
373	if ( $current_uid === $requested_uid )
374	{
375	define('INTERNAL_AUTH_PASSED', TRUE);
376	return;
377	}
378
379	- // Attempt to sign them in if they aren't already
380	if (! is_user_logged_in() ) :
381	- // Try it via wp_signon
382	$creds = array();
383	$creds['user_login'] = $creds['username'];
384	$creds['user_password'] = $creds['password'];
385	$creds['remember'] = true;
386	$user = wp_signon( $creds, false );
387
388	- // In error :(
389	if ( is_wp_error($user) )
390	$this->inauth_headers();
391	endif;
392
393	- // They passed!
394	define('INTERNAL_AUTH_PASSED', TRUE);
395	break;
396
	@@ -403,7 +415,7 @@ class WP_LockAuth
403	if ( ! $users \|\| ! is_array( $users ) )
404	return;
405
406	- // Let's NOT lock everybody out
407	if ( count( $users ) < 1 )
408	return;
409
	@@ -414,7 +426,7 @@ class WP_LockAuth
414	if (! $creds )
415	$this->inauth_headers();
416
417	- // Did they enter a valid user?
418	if ( $this->user_array_check( $users, $creds['username'], $creds['password'] ) )
419	{
420	define('INTERNAL_AUTH_PASSED', TRUE);
	@@ -482,7 +494,7 @@ class WP_LockAuth
482	* @param array
483	* @param integer
484	**/
485	- ~~private~~ function set_current_user( $array, $user )
486	{
487	foreach( $array as $key => $val )
488	{
	@@ -509,10 +521,10 @@ class WP_LockAuth
509	**/
510	public function admin_callback()
511	{
512	- // Update the options
513	$this->update_options();
514
515	- // The UI
516	require_once( dirname( __FILE__ ) . '/admin.php' );
517	}
518
	@@ -540,46 +552,47 @@ class WP_LockAuth
540	{
541	$login_base = get_option('ld_login_base');
542
543	- // It's not enabled.
544	if ( $login_base == NULL \|\| ! $login_base \|\| $login_base == '' )
545	return;
546
547	$this->login_base = $login_base;
548	unset( $login_base );
549
550	- // Setup the filters for the new login form
551	add_filter('wp_redirect', array( &$this, 'filter_wp_login'));
552	add_filter('network_site_url', array( &$this, 'filter_wp_login'));
553	add_filter('site_url', array( &$this, 'filter_wp_login'));
554
555	- // We need to get the URL
556	- // This means we need to take the current URL,
557	- // strip it of an WordPress path (if the blog is located @ /blog/)
558	- // And then remove the query string
559	- // We also need to remove the index.php from the URL if it exists
560
561	- // The blog's URL
562	$blog_url = trailingslashit( get_bloginfo('url') );
563
564	- // The Current URL
565	$schema = is_ssl() ? 'https://' : 'http://';
566	$current_url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
567
568	$request_url = str_replace( $blog_url, '', $current_url );
569	$request_url = str_replace('index.php/', '', $request_url);
570
571	- ~~list(~~ $~~base,~~ ~~$query )~~ = explode( '?', $request_url, 2 );
572	-
573	- ~~// Remove trailing slash~~

574	$base = rtrim($base,"/");
575	$exp = explode( '/', $base, 2 );
576	- $super_base = ~~reset~~( $exp );
577	-
578	- // Are they visiting wp-login.php?
579	if ( $super_base == 'wp-login.php')
580	$this->throw_404();
581
582	- // Is this the "login" url?
583	if ( $base !== $this->login_base )
584	return FALSE;
585
	@@ -591,7 +604,7 @@ class WP_LockAuth
591	// Hook onto this
592	do_action('ld_login_page');
593
594	- include ABSPATH . "/wp-login.php";
595	exit;
596	}
597
	@@ -608,8 +621,8 @@ class WP_LockAuth
608	/**
609	* Launch and display the 404 page depending upon the template
610	*
611	- * @param void
612	- * @return void
613	**/
614	public function throw_404()
615	{
	@@ -625,9 +638,9 @@ class WP_LockAuth
625	remove_action('wp_head', '_admin_bar_bump_cb', 10);
626	wp_dequeue_script( 'admin-bar' );
627	wp_dequeue_style( 'admin-bar' );
628	-
629	// Template
630	- $four_tpl = get_404_template();
631
632	// Handle the admin bar
633	@define('APP_REQUEST', TRUE);
	@@ -636,7 +649,7 @@ class WP_LockAuth
636	if ( empty($four_tpl) OR ! file_exists($four_tpl) )
637	{
638	// We're gonna try and get TwentyTen's one
639	- $twenty_ten_tpl = apply_filters('LD_404_FALLBACK', WP_CONTENT_DIR . '/themes/~~twentytwelve~~/404.php');
640
641	if (file_exists($twenty_ten_tpl))
642	require($twenty_ten_tpl);


4	Plugin URI: http://seanfisher.co/lockdown-wp-admin/
5	Donate link: http://seanfisher.co/donate/
6	Description: Securing the WordPress Administration interface by concealing the administration dashboard and changing the login page URL.
7	+ Version: 2.0.2
8	Author: Sean Fisher
9	Author URI: http://seanfisher.co/
10	License: GPL

17	* This is the plugin that will add security to our site
18	*
19	* @author Sean Fisher <me@seanfisher.co>
20	+ * @version 2.0.2
21	* @license GPL
22	**/
23	class WP_LockAuth

28	* @global string
29	* @access private
30	**/
31	+ public $ld_admin_version = '2.0.2';
32
33	/**
34	* The HTTP Auth name for the protected area

44	*
45	* @access private
46	**/
47	+ protected $current_user = FALSE;
48
49	/**
50	* The base to get the login url
51	*
52	* @access private
53	**/
54	+ protected $login_base = FALSE;
55
56	public function __construct()
57	{

77	public function get_http_auth_creds()
78	{
79	// Since PHP saves the HTTP Password in a bunch of places, we have to be able to test for all of them
80	+ $username = $password = NULL;

81
82	// mod_php
83	if (isset($_SERVER['PHP_AUTH_USER']))

151	// Deleting a user.
152	if ( isset( $_GET['delete'] ) )
153	{
154	+ // Delete the user.
155	unset( $users );
156	$users = $this->get_private_users();
157	$to_delete = (int) $_GET['delete'];

163	if ( $key === $to_delete ) :
164	if( $this->current_user !== '' && $to_delete === $this->current_user )
165	{
166	+ // They can't delete themselves!
167	define('LD_ERROR', 'delete-self');
168	return;
169	}

196	if ( !isset( $_POST['did_update'] ) )
197	return;
198
199	+ // Nonce
200	$nonce = $_POST['_wpnonce'];
201	if (! wp_verify_nonce($nonce, 'lockdown-wp-admin') )
202	wp_die('Security error, please try again.');
203
204	+ // ---------------------------------------------------
205	+ // They're updating.
206	+ // ---------------------------------------------------
207	if ( isset( $_POST['http_auth'] ) )
208	update_option('ld_http_auth', trim( strtolower( $_POST['http_auth'] ) ) );
209	else

243	}
244	}
245
246	+ // Redirect
247	define('LD_WP_ADMIN', TRUE);
248	return;
249	}

257	**/
258	private function inauth_headers()
259	{
260	+ // Disable if there is a text file there.
261	if ( file_exists(dirname(__FILE__).DIRECTORY_SEPARATOR.'disable_auth.txt'))
262	return;
263

290	{
291	$opt = get_option('ld_hide_wp_admin');
292
293	+ // Nope, they didn't enable it.
294	if ( $opt !== 'yep' )
295	return $this->setup_http_area();
296

298	$no_check_files = array('async-upload.php', 'admin-ajax.php', 'wp-app.php');
299	$no_check_files = apply_filters('no_check_files', $no_check_files);
300
301	+ $script_filename = empty($_SERVER['SCRIPT_FILENAME'])
302	+ ? $_SERVER['PATH_TRANSLATED']
303	+ : $_SERVER['SCRIPT_FILENAME'];
304	+ $explode = explode('/', $script_filename);
305	$file = end( $explode );
306
307	if ( in_array( $file, $no_check_files ) )

309	define('INTERNAL_AUTH_PASSED', TRUE);
310	return;
311	}
312	+
313	+ // Disable for WP-CLI
314	+ if ( defined('WP_CLI') AND WP_CLI )
315	+ {
316	+ define('INTERNAL_AUTH_PASSED', TRUE);
317	+ return;
318	+ }
319
320	// We only will hide it if we are in admin (/wp-admin/)
321	if ( is_admin() )

336	**/
337	public function get_file()
338	{
339	+ // We're gonna hide it.
340	$no_check_files = array('async-upload.php');
341	$no_check_files = apply_filters('no_check_files', $no_check_files);
342
343	+ $script_filename = empty($_SERVER['SCRIPT_FILENAME'])
344	+ ? $_SERVER['PATH_TRANSLATED']
345	+ : $_SERVER['SCRIPT_FILENAME'];
346	+ $explode = explode('/', $script_filename );
347	return end( $explode );
348	}
349

356	**/
357	protected function setup_http_area()
358	{
359	+ // We save what type of auth we're doing here.
360	$opt = get_option('ld_http_auth');
361
362	// What type of auth are we doing?
363	switch( $opt )
364	{
365	+ // HTTP auth is going to ask for their WordPress creds.
366	case 'wp_creds' :
367	$creds = $this->get_http_auth_creds();
368	if (! $creds )
369	$this->inauth_headers(); // Invalid credentials
370
371	+ // Are they already logged in as this?
372	$current_uid = get_current_user_id();
373
374	+ // We fixed this for use with non WP-MS sites
375	$requested_user = get_user_by('login', $creds['username']);
376
377	+ // Not a valid user.
378	if (! $requested_user )
379	$this->inauth_headers();
380
381	+ // The correct User ID.
382	$requested_uid = (int) $requested_user->ID;
383
384	+ // Already logged in?
385	if ( $current_uid === $requested_uid )
386	{
387	define('INTERNAL_AUTH_PASSED', TRUE);
388	return;
389	}
390
391	+ // Attempt to sign them in if they aren't already
392	if (! is_user_logged_in() ) :
393	+ // Try it via wp_signon
394	$creds = array();
395	$creds['user_login'] = $creds['username'];
396	$creds['user_password'] = $creds['password'];
397	$creds['remember'] = true;
398	$user = wp_signon( $creds, false );
399
400	+ // In error
401	if ( is_wp_error($user) )
402	$this->inauth_headers();
403	endif;
404
405	+ // They passed!
406	define('INTERNAL_AUTH_PASSED', TRUE);
407	break;
408

415	if ( ! $users \|\| ! is_array( $users ) )
416	return;
417
418	+ // Let's NOT lock everybody out
419	if ( count( $users ) < 1 )
420	return;
421

426	if (! $creds )
427	$this->inauth_headers();
428
429	+ // Did they enter a valid user?
430	if ( $this->user_array_check( $users, $creds['username'], $creds['password'] ) )
431	{
432	define('INTERNAL_AUTH_PASSED', TRUE);

494	* @param array
495	* @param integer
496	**/
497	+ protected function set_current_user( $array, $user )
498	{
499	foreach( $array as $key => $val )
500	{

521	**/
522	public function admin_callback()
523	{
524	+ // Update the options
525	$this->update_options();
526
527	+ // The UI
528	require_once( dirname( __FILE__ ) . '/admin.php' );
529	}
530

552	{
553	$login_base = get_option('ld_login_base');
554
555	+ // It's not enabled.
556	if ( $login_base == NULL \|\| ! $login_base \|\| $login_base == '' )
557	return;
558
559	$this->login_base = $login_base;
560	unset( $login_base );
561
562	+ // Setup the filters for the new login form
563	add_filter('wp_redirect', array( &$this, 'filter_wp_login'));
564	add_filter('network_site_url', array( &$this, 'filter_wp_login'));
565	add_filter('site_url', array( &$this, 'filter_wp_login'));
566
567	+ // We need to get the URL
568	+ // This means we need to take the current URL,
569	+ // strip it of an WordPress path (if the blog is located @ /blog/)
570	+ // And then remove the query string
571	+ // We also need to remove the index.php from the URL if it exists
572
573	+ // The blog's URL
574	$blog_url = trailingslashit( get_bloginfo('url') );
575
576	+ // The Current URL
577	$schema = is_ssl() ? 'https://' : 'http://';
578	$current_url = $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
579
580	$request_url = str_replace( $blog_url, '', $current_url );
581	$request_url = str_replace('index.php/', '', $request_url);
582
583	+ $url_parts = explode( '?', $request_url, 2 );
584	+ $base = $url_parts[0];
585	+
586	+ // Remove trailing slash
587	$base = rtrim($base,"/");
588	$exp = explode( '/', $base, 2 );
589	+ $super_base = end( $exp );
590	+
591	+ // Are they visiting wp-login.php?
592	if ( $super_base == 'wp-login.php')
593	$this->throw_404();
594
595	+ // Is this the "login" url?
596	if ( $base !== $this->login_base )
597	return FALSE;
598

604	// Hook onto this
605	do_action('ld_login_page');
606
607	+ include ABSPATH . '/wp-login.php';
608	exit;
609	}
610

621	/**
622	* Launch and display the 404 page depending upon the template
623	*
624	+ * @param void
625	+ * @return void
626	**/
627	public function throw_404()
628	{

638	remove_action('wp_head', '_admin_bar_bump_cb', 10);
639	wp_dequeue_script( 'admin-bar' );
640	wp_dequeue_style( 'admin-bar' );
641	+
642	// Template
643	+ $four_tpl = apply_filters('LD_404', get_404_template());
644
645	// Handle the admin bar
646	@define('APP_REQUEST', TRUE);

649	if ( empty($four_tpl) OR ! file_exists($four_tpl) )
650	{
651	// We're gonna try and get TwentyTen's one
652	+ $twenty_ten_tpl = apply_filters('LD_404_FALLBACK', WP_CONTENT_DIR . '/themes/twentythirteen/404.php');
653
654	if (file_exists($twenty_ten_tpl))
655	require($twenty_ten_tpl);

no-wpmu.php CHANGED Viewed

	@@ -31,7 +31,7 @@ class Disable_WPMS_Plugin_LD
31	$this->network_activate_error();
32	}
33
34	- // Default options
35	update_option('ld_http_auth', 'none');
36	update_option('ld_hide_wp_admin', 'no');
37	}
	@@ -43,7 +43,7 @@ class Disable_WPMS_Plugin_LD
43	**/
44	function network_activate_error()
45	{
46	- // De-activate the plugin
47	$active_plugins = (array) get_option('active_plugins');
48	$active_plugins_network = (array) get_site_option('active_sitewide_plugins');
49
	@@ -103,7 +103,7 @@ class Disable_WPMS_Plugin_LD
103	}
104	}
105
106	- // The object.
107	$setup_no_wpmu = new Disable_WPMS_Plugin_LD();
108
109	/* End of file: no-wpmu.php */


31	$this->network_activate_error();
32	}
33
34	+ // Default options
35	update_option('ld_http_auth', 'none');
36	update_option('ld_hide_wp_admin', 'no');
37	}

43	**/
44	function network_activate_error()
45	{
46	+ // De-activate the plugin
47	$active_plugins = (array) get_option('active_plugins');
48	$active_plugins_network = (array) get_site_option('active_sitewide_plugins');
49

103	}
104	}
105
106	+ // The object.
107	$setup_no_wpmu = new Disable_WPMS_Plugin_LD();
108
109	/* End of file: no-wpmu.php */

readme.txt CHANGED Viewed

	@@ -5,7 +5,7 @@ Link: http://seanfisher.co/lockdown-wp-admin/
5	Tags: security, secure, lockdown, vulnerability, website security, wp-admin, login, hide login, rename login, http auth, 404, lockdown, srtfisher, secure
6	Requires at least: 3.3
7	Tested up to: 3.5.1
8	- Stable tag: 2.0.1
9
10	Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (/wp-admin/) and and login (/wp-login.php) as well as add HTTP authentication to the login system. We can also change the login URL from wp-login.php to whatever you'd like: /login, /log-in-here, etc.
11
	@@ -92,4 +92,8 @@ A very late update, sorry! Worked to fix many issues with the admin bar and the
92	* Cleanup, cleanup!
93
94	= 2.0.1 =
95	- * ~~Tiny~~ ~~bug~~ ~~fix~~


5	Tags: security, secure, lockdown, vulnerability, website security, wp-admin, login, hide login, rename login, http auth, 404, lockdown, srtfisher, secure
6	Requires at least: 3.3
7	Tested up to: 3.5.1
8	+ Stable tag: 2.0.2
9
10	Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (/wp-admin/) and and login (/wp-login.php) as well as add HTTP authentication to the login system. We can also change the login URL from wp-login.php to whatever you'd like: /login, /log-in-here, etc.
11

92	* Cleanup, cleanup!
93
94	= 2.0.1 =
95	+ * Bug fix by [Michal Krause](https://github.com/michal-krause)
96	+
97	+ = 2.0.2 =
98	+ * Query string detection bug fix by [James Bonham](http://wordpress.org/support/profile/jamesbonham)
99	+ * Issues with WordPress in a sub-directory