Version Description
- Blocked access to wp-admin/ to prevent a redirect to the new login page.
Release Info
Developer | avryl |
Plugin | Rename wp-login.php |
Version | 1.1 |
Code changes from version 1.0 to 1.1
- readme.txt +40 -17
- rename-wp-login.php +34 -15
- wp-login.php +11 -1
readme.txt
CHANGED
@@ -1,42 +1,65 @@
|
|
1 |
=== Plugin Name ===
|
2 |
Contributors: avryl
|
3 |
Tags: rename, login, wp-login, wp-login.php, brute force, attacks
|
4 |
-
Requires at least: 3.
|
5 |
Tested up to: 3.6
|
6 |
Stable tag: trunk
|
7 |
License: GPLv2 or later
|
8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
9 |
|
10 |
-
|
11 |
|
12 |
== Description ==
|
13 |
|
14 |
-
|
15 |
|
16 |
-
|
|
|
|
|
17 |
|
18 |
-
|
19 |
|
20 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
21 |
|
22 |
== Installation ==
|
23 |
|
24 |
-
1. Go to
|
25 |
-
2. Search for
|
26 |
3. Look for this plugin, download and activate it.
|
27 |
-
4. The page will redirect you to the settings. Rename
|
28 |
-
5. You can change this option any time you want, just go back to
|
29 |
|
30 |
-
==
|
31 |
|
32 |
-
1.
|
33 |
-
the /assets directory or the directory that contains the stable readme.txt (tags or trunk). Screenshots in the /assets
|
34 |
-
directory take precedence. For example, `/assets/screenshot-1.png` would win over `/tags/4.3/screenshot-1.png`
|
35 |
-
(or jpg, jpeg, gif).
|
36 |
|
37 |
-
|
38 |
|
39 |
= 1.0 =
|
|
|
40 |
* Initial version.
|
41 |
|
42 |
-
== Upgrade Notice ==
|
|
|
|
|
|
|
|
1 |
=== Plugin Name ===
|
2 |
Contributors: avryl
|
3 |
Tags: rename, login, wp-login, wp-login.php, brute force, attacks
|
4 |
+
Requires at least: 3.6
|
5 |
Tested up to: 3.6
|
6 |
Stable tag: trunk
|
7 |
License: GPLv2 or later
|
8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
9 |
|
10 |
+
Change wp-login.php to whatever you want. It can also prevent a lot of brute force attacks.
|
11 |
|
12 |
== Description ==
|
13 |
|
14 |
+
= What it does =
|
15 |
|
16 |
+
This plugin renames wp-login.php to whatever you want. The default is example.com/**login**/ if no such page already exists. Otherwise it will append a number, e.g. login-1.
|
17 |
+
You can change this under ‘Settings’ › ‘Permalinks’ › ‘Login’.
|
18 |
+
Please remember what you changed your login page to, accessing wp-login.php or wp-admin/ will not work and will return a 404 not found status.
|
19 |
|
20 |
+
= Compatibility =
|
21 |
|
22 |
+
Works with **BuddyPress**, **Limit Login Attempts** and most other plugins that customise the login page.
|
23 |
+
This plugin doesn't break the registration form, lost password form, expired sessions or any of wp-login.php’s functionality. Plugins that hook into the standard login form will keep working.
|
24 |
+
It doesn’t break `wp_login_form()`, so login forms in widgets will work too.
|
25 |
+
|
26 |
+
While it might work with earlier versions of WordPress, you should always update WordPress to the latest version.
|
27 |
+
|
28 |
+
If you’re using a **page caching plugin** like **W3 Total Cache** or **WP Super Cache**, add the word you renamed wp-login.php to (e.g. login) to the list of pages not to cache.
|
29 |
+
|
30 |
+
* For W3 Total Cache go to Performance › Page Cache › Advanced › Never cache the following pages, add your new login page on a new line and save all settings.
|
31 |
+
* For WP Super Cache go to Settings › WP Super Cache › Advanced › Accepted Filenames & Rejected URIs, add your new login page on a new line and save.
|
32 |
+
|
33 |
+
This plugin is **not** yet tested on installs that force **SSL** or use the **multisite** feature. I appreciate any help with testing this.
|
34 |
+
|
35 |
+
= Benefits =
|
36 |
+
|
37 |
+
Not only does it allow you to further customise your login page, it also prevents brute force attacks that are targeted specifically to wp-login.php. wp-login.php will return a 404 not found status code and wp-admin as well if you’re not logged in as it would otherwise reveal the location of your new login page.
|
38 |
+
|
39 |
+
I made this plugin primarily because a client’s host blocked wp-login.php with an annoying Captcha. On some bigger websites Limit Login Atttempts also showed us that a lot of bots were trying to gain access through wp-login.php.
|
40 |
+
|
41 |
+
While you could use this plugin to prevent a lot of brute force attacks, it does not mean you don't need a strong password. Read [this codex article](http://codex.wordpress.org/Brute_Force_Attacks) for more information on how to protect your website.
|
42 |
|
43 |
== Installation ==
|
44 |
|
45 |
+
1. Go to Plugins › Add New.
|
46 |
+
2. Search for *Rename wp-login*.
|
47 |
3. Look for this plugin, download and activate it.
|
48 |
+
4. The page will redirect you to the settings. Rename wp-login.php in the section Login.
|
49 |
+
5. You can change this option any time you want, just go back to Settings › Permalinks › Login.
|
50 |
|
51 |
+
== Changelog ==
|
52 |
|
53 |
+
= 1.1 =
|
|
|
|
|
|
|
54 |
|
55 |
+
* Blocked access to wp-admin/ to prevent a redirect the the new login page.
|
56 |
|
57 |
= 1.0 =
|
58 |
+
|
59 |
* Initial version.
|
60 |
|
61 |
+
== Upgrade Notice ==
|
62 |
+
|
63 |
+
= 1.1 =
|
64 |
+
|
65 |
+
* Always immediately update this plugin please!
|
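Review bot: the 1.1 Upgrade Notice at new lines 63-65 says only "Always immediately update this plugin please!", which gives a site owner no reason to prioritise the update; say what 1.1 changes (wp-admin/ now returns a 404 to logged-out visitors so it no longer reveals the renamed login page). The Description also states that wp-admin/ "will not work" without mentioning the "Redirect wp-admin/ to new login page (not recommended)" setting this release adds in rename-wp-login.php, so the documented behaviour and the available option should be reconciled.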
rename-wp-login.php
CHANGED
@@ -2,10 +2,10 @@
|
|
2 |
/*
|
3 |
Plugin Name: Rename wp-login
|
4 |
Plugin URI: http://wordpress.org/plugins/rename-wp-login/
|
5 |
-
Description:
|
6 |
Author: avryl
|
7 |
Author URI: http://profiles.wordpress.org/avryl/
|
8 |
-
Version: 1.
|
9 |
Text Domain: rename-wp-login
|
10 |
License: GPLv2 or later
|
11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
@@ -14,15 +14,21 @@ License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
|
14 |
register_uninstall_hook(__FILE__, 'rwl_uninstall');
|
15 |
function rwl_uninstall() {
|
16 |
delete_option('rwl_page');
|
|
|
17 |
}
|
18 |
|
19 |
register_activation_hook(__FILE__, 'rwl_activation');
|
20 |
function rwl_activation() {
|
21 |
add_option('rwl_redirect', '1');
|
|
|
|
|
22 |
}
|
23 |
|
24 |
-
add_action('
|
25 |
-
function
|
|
|
|
|
|
|
26 |
if (!get_option('rwl_page') || get_option('rwl_page') == '') {
|
27 |
update_option('rwl_page', wp_unique_post_slug('login', 0, 'publish', 'page', 0));
|
28 |
}
|
@@ -30,19 +36,24 @@ function rwl_init() {
|
|
30 |
|
31 |
add_action('login_init', 'rwl_login_init');
|
32 |
function rwl_login_init() {
|
33 |
-
global $
|
34 |
if (!$post) {
|
35 |
-
|
36 |
-
$wp_query->set_404();
|
37 |
-
if (file_exists(TEMPLATEPATH . '/404.php')) {
|
38 |
-
require_once(TEMPLATEPATH . '/404.php');
|
39 |
-
} else {
|
40 |
-
require_once(TEMPLATEPATH . '/index.php');
|
41 |
-
}
|
42 |
-
exit;
|
43 |
}
|
44 |
}
|
45 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
46 |
add_action('wp', 'rwl_wp');
|
47 |
function rwl_wp() {
|
48 |
global $wp_query, $post, $wp;
|
@@ -67,8 +78,12 @@ add_action('admin_init', 'rwl_admin_init');
|
|
67 |
function rwl_admin_init() {
|
68 |
add_settings_section('rename-wp-login-section', 'Login', '__return_false', 'permalink');
|
69 |
add_settings_field('rwl-page', '<label for="rwl-page-input">Rename wp-login.php</label>', 'rwl_page', 'permalink', 'rename-wp-login-section');
|
70 |
-
|
71 |
-
|
|
|
|
|
|
|
|
|
72 |
}
|
73 |
if (get_option('rwl_redirect') == '1') {
|
74 |
delete_option('rwl_redirect');
|
@@ -80,6 +95,10 @@ function rwl_page() {
|
|
80 |
echo '<code>' . site_url() . '/</code> <input id="rwl-page-input" type="text" name="rwl_page" value="' . get_option('rwl_page') . '" /> <code>/</code>';
|
81 |
}
|
82 |
|
|
|
|
|
|
|
|
|
83 |
add_filter('plugin_action_links_' . plugin_basename(__FILE__), 'rwl_plugin_action_links');
|
84 |
function rwl_plugin_action_links($links) {
|
85 |
array_unshift($links, '<a href="options-permalink.php#rwl-page-input">Settings</a>');
|
2 |
/*
|
3 |
Plugin Name: Rename wp-login
|
4 |
Plugin URI: http://wordpress.org/plugins/rename-wp-login/
|
5 |
+
Description: Change wp-login.php to whatever you want. It can also prevent a lot of brute force attacks.
|
6 |
Author: avryl
|
7 |
Author URI: http://profiles.wordpress.org/avryl/
|
8 |
+
Version: 1.1
|
9 |
Text Domain: rename-wp-login
|
10 |
License: GPLv2 or later
|
11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
14 |
register_uninstall_hook(__FILE__, 'rwl_uninstall');
|
15 |
function rwl_uninstall() {
|
16 |
delete_option('rwl_page');
|
17 |
+
delete_option('rwl_admin');
|
18 |
}
|
19 |
|
20 |
register_activation_hook(__FILE__, 'rwl_activation');
|
21 |
function rwl_activation() {
|
22 |
add_option('rwl_redirect', '1');
|
23 |
+
add_option('rwl_admin', '0');
|
24 |
+
add_option('rwl_page', wp_unique_post_slug('login', 0, 'publish', 'page', 0));
|
25 |
}
|
26 |
|
27 |
+
add_action('wp_loaded', 'rwl_wp_loaded');
|
28 |
+
function rwl_wp_loaded() {
|
29 |
+
if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX') && get_option('rwl_admin') != '1') {
|
30 |
+
rwl_return_404();
|
31 |
+
}
|
32 |
if (!get_option('rwl_page') || get_option('rwl_page') == '') {
|
33 |
update_option('rwl_page', wp_unique_post_slug('login', 0, 'publish', 'page', 0));
|
34 |
}
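Review bot: the guard added at the top of rwl_wp_loaded() exempts only DOING_AJAX, so every other logged-out request for which is_admin() is true gets the 404, and that includes wp-admin/admin-post.php, which WordPress also serves to visitors through admin_post_nopriv_ handlers. Exempt that entry point as well, or document that front-end forms posting to admin-post.php stop working for logged-out users. A smaller point: rwl_page is now seeded in rwl_activation() and still re-seeded by the fallback kept below the guard; a comment explaining why both are needed would help.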
|
36 |
|
37 |
add_action('login_init', 'rwl_login_init');
|
38 |
function rwl_login_init() {
|
39 |
+
global $post;
|
40 |
if (!$post) {
|
41 |
+
rwl_return_404();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
42 |
}
|
43 |
}
|
44 |
|
45 |
+
function rwl_return_404() {
|
46 |
+
global $wp_query;
|
47 |
+
status_header(404);
|
48 |
+
$wp_query->set_404();
|
49 |
+
if (file_exists(TEMPLATEPATH . '/404.php')) {
|
50 |
+
require_once(TEMPLATEPATH . '/404.php');
|
51 |
+
} else {
|
52 |
+
require_once(TEMPLATEPATH . '/index.php');
|
53 |
+
}
|
54 |
+
exit;
|
55 |
+
}
|
56 |
+
|
57 |
add_action('wp', 'rwl_wp');
|
58 |
function rwl_wp() {
|
59 |
global $wp_query, $post, $wp;
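Review bot: rwl_return_404() resolves its template through TEMPLATEPATH, which is the parent theme directory, so a 404.php supplied by a child theme is skipped and the response can differ from the site's real 404 page. Locate the template with get_404_template() and fall back to index.php only when it returns nothing. Since the function is now also reached from wp_loaded, call nocache_headers() before output so a page cache does not store the 404 for a URL that is valid once the user is logged in.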
|
78 |
function rwl_admin_init() {
|
79 |
add_settings_section('rename-wp-login-section', 'Login', '__return_false', 'permalink');
|
80 |
add_settings_field('rwl-page', '<label for="rwl-page-input">Rename wp-login.php</label>', 'rwl_page', 'permalink', 'rename-wp-login-section');
|
81 |
+
add_settings_field('rwl-admin', '<label for="rwl-admin-input">Redirect wp-admin/ to new login page (not recommended)</label>', 'rwl_admin', 'permalink', 'rename-wp-login-section');
|
82 |
+
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
83 |
+
if (!empty($_POST['rwl_page'])) {
|
84 |
+
update_option('rwl_page', wp_unique_post_slug($_POST['rwl_page'], 0, 'publish', 'page', 0));
|
85 |
+
}
|
86 |
+
update_option('rwl_admin', isset($_POST['rwl_admin']) ? $_POST['rwl_admin'] : '0');
|
87 |
}
|
88 |
if (get_option('rwl_redirect') == '1') {
|
89 |
delete_option('rwl_redirect');
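Review bot: the POST branch added to rwl_admin_init() writes rwl_page and rwl_admin straight from $_POST behind nothing more than a REQUEST_METHOD check; there is no current_user_can('manage_options') test and no nonce verification, and admin_init is not limited to the Permalinks screen. As written, any POST that reaches admin_init can change the login slug, and any POST without an rwl_admin field resets that option to '0'. Gate the block on the capability and on check_admin_referer() for the Permalinks form's nonce, pass $_POST['rwl_page'] through sanitize_title() before wp_unique_post_slug(), and store rwl_admin as a strict '1' or '0' rather than the raw posted value.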
|
95 |
echo '<code>' . site_url() . '/</code> <input id="rwl-page-input" type="text" name="rwl_page" value="' . get_option('rwl_page') . '" /> <code>/</code>';
|
96 |
}
|
97 |
|
98 |
+
function rwl_admin() {
|
99 |
+
echo '<input id="rwl-admin-input" type="checkbox" name="rwl_admin" value="1" ' . checked(get_option('rwl_admin'), true, false) . ' />';
|
100 |
+
}
|
101 |
+
|
102 |
add_filter('plugin_action_links_' . plugin_basename(__FILE__), 'rwl_plugin_action_links');
|
103 |
function rwl_plugin_action_links($links) {
|
104 |
array_unshift($links, '<a href="options-permalink.php#rwl-page-input">Settings</a>');
|
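Review bot: option values are printed into HTML attributes unescaped around the new rwl_admin() callback: the context line at 95 echoes get_option('rwl_page') inside value="..." as is, and that option is now written from $_POST by rwl_admin_init(). Wrap it in esc_attr() (and site_url() in esc_url()). In rwl_admin(), prefer checked(get_option('rwl_admin'), '1', false) so the comparison is against the stored string instead of relying on true being cast to '1'.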
wp-login.php
CHANGED
@@ -1,4 +1,14 @@
|
|
1 |
<?php
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2 |
|
3 |
// Redirect to https login if forced to use SSL
|
4 |
if ( force_ssl_admin() && ! is_ssl() ) {
|
@@ -738,7 +748,7 @@ d.select();
|
|
738 |
}, 200);
|
739 |
}
|
740 |
|
741 |
-
<?php
|
742 |
wp_attempt_focus();
|
743 |
<?php } ?>
|
744 |
if(typeof wpOnload=='function')wpOnload();
|
1 |
<?php
|
2 |
+
/**
|
3 |
+
* WordPress User Page
|
4 |
+
*
|
5 |
+
* Handles authentication, registering, resetting passwords, forgot password,
|
6 |
+
* and other user handling.
|
7 |
+
*
|
8 |
+
* @package WordPress
|
9 |
+
*/
|
10 |
+
|
11 |
+
global $error, $interim_login, $current_site, $action;
|
12 |
|
13 |
// Redirect to https login if forced to use SSL
|
14 |
if ( force_ssl_admin() && ! is_ssl() ) {
|
748 |
}, 200);
|
749 |
}
|
750 |
|
751 |
+
<?php if ( !$error ) { ?>
|
752 |
wp_attempt_focus();
|
753 |
<?php } ?>
|
754 |
if(typeof wpOnload=='function')wpOnload();
|
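Review bot: the edits at new lines 11 and 751 (the added global $error, $interim_login, $current_site, $action; declaration and the if ( !$error ) wrapper around wp_attempt_focus()) are made to what appears to be a copy of core's wp-login.php carried inside the plugin. A bundled copy does not pick up fixes shipped in WordPress updates, and the readme only claims "Tested up to: 3.6". Record in a comment which core version the file was copied from and which lines differ, or load the site's own wp-login.php so the login logic stays in step with core.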