Rename wp-login.php - Version 1.4

Version Description

  • Faster page load.
  • Fixed 404 error for permalink structures with a prefixed path. Almost pretty permalinks work now too.
  • Code clean-up.

Release Info

Developer avryl
Version 1.4

Code changes from version 1.3 to 1.4

Files changed (2)
  1. readme.txt +25 -9
  2. rename-wp-login.php +183 -111
readme.txt CHANGED
@@ -1,4 +1,5 @@
1
=== Rename wp-login.php ===
2
Contributors: avryl
3
Tags: rename, login, wp-login, wp-login.php, brute force, attacks
4
Requires at least: 3.6
@@ -15,13 +16,13 @@ Change wp-login.php to whatever you want. It can also prevent a lot of brute for
15
16
This plugin renames wp-login.php to whatever you want. The default is example.com/**login**/ if no such page already exists. Otherwise it will append a number, e.g. login-1.
17
You can change this under Settings › Permalinks › Login.
18
- Please remember what you changed your login page to, accessing wp-login.php or wp-admin/ will not work and will return a 404 not found status.
19
20
= Compatibility =
21
22
Works with **BuddyPress**, **Limit Login Attempts** and most other plugins that customise the login page.
23
- This plugin doesn't break the registration form, lost password form, expired sessions or any of wp-login.php’s functionality. Plugins that hook into the standard login form will keep working.
24
- It doesn’t break `wp_login_form()`, so login forms in widgets will work too.
25
26
While it might work with earlier versions of WordPress, you should always update WordPress to the latest version.
27
@@ -30,26 +31,41 @@ If you’re using a **page caching plugin** like **W3 Total Cache** or **WP Supe
30
* For W3 Total Cache go to Performance › Page Cache › Advanced › Never cache the following pages, add your new login page on a new line and save all settings.
31
* For WP Super Cache go to Settings › WP Super Cache › Advanced › Accepted Filenames & Rejected URIs, add your new login page on a new line and save.
32
33
- This plugin is **not** yet tested on installs that force **SSL** or use the **multisite** feature. I appreciate any help with testing this.
34
35
= Benefits =
36
37
- Not only does it allow you to further customise your login page, it also prevents brute force attacks that are targeted specifically to wp-login.php. wp-login.php will return a 404 not found status code and wp-admin as well if you’re not logged in as it would otherwise reveal the location of your new login page.
38
39
I made this plugin primarily because a client’s host blocked wp-login.php with an annoying Captcha. On some bigger websites Limit Login Atttempts also showed us that a lot of bots were trying to gain access through wp-login.php.
40
41
- While you could use this plugin to prevent a lot of brute force attacks, it does not mean you don't need a strong password. Read [this codex article](http://codex.wordpress.org/Brute_Force_Attacks) for more information on how to protect your website.
42
43
== Installation ==
44
45
1. Go to Plugins › Add New.
46
- 2. Search for *Rename wp-login*.
47
3. Look for this plugin, download and activate it.
48
4. The page will redirect you to the settings. Rename wp-login.php in the section Login.
49
5. You can change this option any time you want, just go back to Settings › Permalinks › Login.
50
51
== Changelog ==
52
53
= 1.3 =
54
55
* Prevents the plugin from working when there is no permalink structure.
@@ -60,7 +76,7 @@ While you could use this plugin to prevent a lot of brute force attacks, it does
60
61
= 1.1 =
62
63
- * Blocked access to wp-admin/ to prevent a redirect the the new login page.
64
65
= 1.0 =
66
@@ -68,6 +84,6 @@ While you could use this plugin to prevent a lot of brute force attacks, it does
68
69
== Upgrade Notice ==
70
71
- = 1.3 =
72
73
Always immediately update this plugin please!
1
=== Rename wp-login.php ===
2
+
3
Contributors: avryl
4
Tags: rename, login, wp-login, wp-login.php, brute force, attacks
5
Requires at least: 3.6
16
17
This plugin renames wp-login.php to whatever you want. The default is example.com/**login**/ if no such page already exists. Otherwise it will append a number, e.g. login-1.
18
You can change this under Settings › Permalinks › Login.
19
+ Please remember what you changed your login page to, accessing wp-login.php or wp-admin will not work and will return a 404 not found status.
20
21
= Compatibility =
22
23
Works with **BuddyPress**, **Limit Login Attempts** and most other plugins that customise the login page.
24
+ This plugin **doesnt** break the registration form, lost password form, expired sessions or any of wp-login.php’s functionality. Plugins that hook into the standard login form will keep working.
25
+ It doesn’t break `wp_login_form()`, so the login widget will work too.
26
27
While it might work with earlier versions of WordPress, you should always update WordPress to the latest version.
28
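Review bot: The rewritten Compatibility sentence (new line 24) drops the apostrophe and bolds the typo, so it now reads "This plugin **doesnt** break"; the next line still uses "doesn’t". Suggest "This plugin doesn’t break the registration form, ..." and, if emphasis is wanted, bolding the corrected word.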
31
* For W3 Total Cache go to Performance › Page Cache › Advanced › Never cache the following pages, add your new login page on a new line and save all settings.
32
* For WP Super Cache go to Settings › WP Super Cache › Advanced › Accepted Filenames & Rejected URIs, add your new login page on a new line and save.
33
34
+ This plugin is **not** yet tested on installs that force **SSL** or use the **multisite** feature. I would appreciate any help with testing this.
35
36
= Benefits =
37
38
+ Not only does it allow you to further customise your login page, it also prevents brute force attacks that are targeted specifically to wp-login.php. wp-login.php will return a 404 not found status code, and wp-admin as well if you’re not logged in, as it would otherwise reveal the location of your new login page.
39
40
I made this plugin primarily because a client’s host blocked wp-login.php with an annoying Captcha. On some bigger websites Limit Login Atttempts also showed us that a lot of bots were trying to gain access through wp-login.php.
41
42
+ While you could use this plugin to prevent a lot of brute force attacks, it does not mean you dont need a strong password. Read [this codex article](http://codex.wordpress.org/Brute_Force_Attacks) for more information on how to protect your website.
43
44
== Installation ==
45
46
1. Go to Plugins › Add New.
47
+ 2. Search for *Rename wp-login.php*.
48
3. Look for this plugin, download and activate it.
49
4. The page will redirect you to the settings. Rename wp-login.php in the section Login.
50
5. You can change this option any time you want, just go back to Settings › Permalinks › Login.
51
52
+ == Frequently Asked Questions ==
53
+
54
+ = I forgot my login url! =
55
+
56
+ There are two ways to solve your problem:
57
+
58
+ 1. go to your MySQL database and look for the value of `rwl_page` in the options table, or
59
+ 2. remove the `rename-wp-login` folder from your `plugins` folder, log in through the standard wp-login.php and reinstall the plugin.
60
+
61
== Changelog ==
62
63
+ = 1.4 =
64
+
65
+ * Faster page load.
66
+ * Fixed 404 error for permalink structures with a prefixed path. “Almost pretty” permalinks work now too.
67
+ * Code clean-up.
68
+
69
= 1.3 =
70
71
* Prevents the plugin from working when there is no permalink structure.
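Review bot: The new FAQ entry (new lines 54-59) tells users to look up `rwl_page` "in the options table" without saying how to recognise that table or that the value is only the slug. Suggest noting that the table name carries the install's prefix and that the stored value is appended to the site URL, e.g. a value of login means example.com/login/. On new line 42 the edit also turns "don't" into "dont"; restore the apostrophe.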
76
77
= 1.1 =
78
79
+ * Blocked access to wp-admin to prevent a redirect the the new login page.
80
81
= 1.0 =
82
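Review bot: The 1.1 changelog line (new line 79) was edited to change "wp-admin/" to "wp-admin" but still reads "to prevent a redirect the the new login page". Since the line is being touched anyway, fix it to "a redirect to the new login page".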
84
85
== Upgrade Notice ==
86
87
+ = 1.4 =
88
89
Always immediately update this plugin please!
rename-wp-login.php CHANGED
@@ -1,166 +1,238 @@
1
<?php
2
/*
3
Plugin Name: Rename wp-login.php
4
Plugin URI: http://wordpress.org/plugins/rename-wp-login/
5
Description: Change wp-login.php to whatever you want. It can also prevent a lot of brute force attacks.
6
Author: avryl
7
Author URI: http://profiles.wordpress.org/avryl/
8
- Version: 1.3
9
Text Domain: rename-wp-login
10
License: GPLv2 or later
11
License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
*/
13
14
- register_uninstall_hook(__FILE__, 'rwl_uninstall');
15
- function rwl_uninstall() {
16
- delete_option('rwl_page');
17
- delete_option('rwl_admin');
18
- }
19
20
- register_activation_hook(__FILE__, 'rwl_activation');
21
function rwl_activation() {
22
- add_option('rwl_redirect', '1');
23
- add_option('rwl_admin', '0');
24
- add_option('rwl_page', wp_unique_post_slug('login', 0, 'publish', 'page', 0));
25
}
26
27
- add_action('admin_init', 'rwl_admin_init');
28
function rwl_admin_init() {
29
- add_settings_section('rename-wp-login-section', 'Login', '__return_false', 'permalink');
30
- add_settings_field('rwl-page', '<label for="rwl-page-input">Rename wp-login.php</label>', 'rwl_page', 'permalink', 'rename-wp-login-section');
31
- add_settings_field('rwl-admin', '<label for="rwl-admin-input">Redirect wp-admin/ to new login page (not recommended)</label>', 'rwl_admin', 'permalink', 'rename-wp-login-section');
32
- if ($_SERVER['REQUEST_METHOD'] == 'POST') {
33
- if (!empty($_POST['rwl_page'])) {
34
- update_option('rwl_page', wp_unique_post_slug(sanitize_title_with_dashes($_POST['rwl_page']), 0, 'publish', 'page', 0));
35
}
36
- update_option('rwl_admin', isset($_POST['rwl_admin']) ? $_POST['rwl_admin'] : '0');
37
}
38
- if (get_option('rwl_redirect') == '1') {
39
- delete_option('rwl_redirect');
40
- wp_redirect(admin_url('options-permalink.php#rwl-page-input'));
41
}
42
}
43
44
function rwl_page() {
45
- echo '<code>' . site_url() . '/</code> <input id="rwl-page-input" type="text" name="rwl_page" value="' . get_option('rwl_page') . '" /> <code>/</code>';
46
}
47
48
function rwl_admin() {
49
- echo '<input id="rwl-admin-input" type="checkbox" name="rwl_admin" value="1" ' . checked(get_option('rwl_admin'), true, false) . ' />';
50
}
51
52
- add_filter('plugin_action_links_' . plugin_basename(__FILE__), 'rwl_plugin_action_links');
53
- function rwl_plugin_action_links($links) {
54
- array_unshift($links, '<a href="options-permalink.php#rwl-page-input">Settings</a>');
55
- return $links;
56
- }
57
-
58
- add_action('admin_notices', 'rwl_admin_notices');
59
function rwl_admin_notices() {
60
- if (!get_option('permalink_structure')) {
61
- ?>
62
- <div class="error">
63
- <p><strong>Rename wp-login.php</strong> doesn't work if you’re using the default permalink structure.<br>You must choose another permalink structure for it to work.</p>
64
- </div>
65
- <?php
66
- } elseif ($_GET['settings-updated'] == true) {
67
- ?>
68
- <div class="updated">
69
- <p>Your login page is now here: <a href="<?php echo site_url(); ?>/<?php echo get_option('rwl_page'); ?>/"><?php echo site_url(); ?>/<strong><?php echo get_option('rwl_page'); ?></strong>/</a>. Bookmark this page!</p>
70
- </div>
71
- <?php
72
}
73
}
74
75
- if (!get_option('permalink_structure'))
76
return;
77
78
- add_action('wp_loaded', 'rwl_wp_loaded');
79
- function rwl_wp_loaded() {
80
- if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX') && get_option('rwl_admin') != '1') {
81
- rwl_return_404();
82
}
83
- if (!get_option('rwl_page') || get_option('rwl_page') == '') {
84
- update_option('rwl_page', wp_unique_post_slug('login', 0, 'publish', 'page', 0));
85
}
86
}
87
88
- add_action('login_init', 'rwl_login_init');
89
function rwl_login_init() {
90
- global $post;
91
- if (!$post) {
92
- rwl_return_404();
93
}
94
}
95
96
- function rwl_return_404() {
97
- global $wp_query;
98
- status_header(404);
99
- $wp_query->set_404();
100
- if (file_exists(TEMPLATEPATH . '/404.php')) {
101
- require_once(TEMPLATEPATH . '/404.php');
102
- } else {
103
- require_once(TEMPLATEPATH . '/index.php');
104
- }
105
- exit;
106
}
107
108
- add_action('wp', 'rwl_wp');
109
- function rwl_wp() {
110
- global $wp_query, $post, $wp;
111
- if ($wp_query->is_404 && $wp->request == get_option('rwl_page')) {
112
- status_header(200);
113
- $post = new stdClass();
114
- $post->ID = 0;
115
- $wp_query->queried_object = $post;
116
- $wp_query->queried_object_id = 0;
117
- $wp_query->post = $post;
118
- $wp_query->found_posts = 1;
119
- $wp_query->post_count = 1;
120
- $wp_query->is_singular = true;
121
- $wp_query->is_404 = false;
122
- $wp_query->posts = array($post);
123
- $wp_query->is_page = true;
124
- require_once(dirname(__FILE__) . '/wp-login.php');
125
- exit;
126
- }
127
}
128
129
- add_filter('site_url', 'rwl_filter_site_url', 10, 4);
130
- function rwl_filter_site_url($url, $path, $scheme, $blog_id) {
131
- return (strpos($path, 'wp-login.php') !== false && $scheme == 'login_post') ? site_url() . '/' . get_option('rwl_page') . '/' . str_replace('wp-login.php', '', $path) : $url;
132
}
133
134
- add_filter('login_url', 'rwl_filter_login_url', 10, 2);
135
- function rwl_filter_login_url($login_url, $redirect = '') {
136
- $login_url = site_url() . '/' . get_option('rwl_page') . '/';
137
- if (!empty($redirect))
138
- $login_url = add_query_arg('redirect_to', urlencode($redirect), $login_url);
139
- return $login_url;
140
}
141
142
- add_filter('logout_url', 'rwl_filter_logout_url', 10, 2);
143
- function rwl_filter_logout_url($login_url, $redirect = '') {
144
- $args = array('action' => 'logout');
145
- if (!empty($redirect)) {
146
- $args['redirect_to'] = urlencode($redirect);
147
- }
148
- $logout_url = add_query_arg($args, site_url() . '/' . get_option('rwl_page') . '/');
149
- $logout_url = wp_nonce_url($logout_url, 'log-out');
150
- return $logout_url;
151
}
152
153
- add_filter('lostpassword_url', 'rwl_filter_lostpassword_url', 10, 2);
154
- function rwl_filter_lostpassword_url($lostpassword_url, $redirect = '') {
155
- $args = array( 'action' => 'lostpassword' );
156
- if (!empty($redirect)) {
157
- $args['redirect_to'] = $redirect;
158
- }
159
- $lostpassword_url = add_query_arg($args, site_url() . '/' . get_option('rwl_page') . '/');
160
- return $lostpassword_url;
161
}
162
163
- add_filter('register_url', 'rwl_filter_register_url');
164
- function rwl_filter_register_url($register_url) {
165
- return site_url() . '/' . get_option('rwl_page') . '/?action=register';
166
}
1
<?php
2
+
3
/*
4
Plugin Name: Rename wp-login.php
5
Plugin URI: http://wordpress.org/plugins/rename-wp-login/
6
Description: Change wp-login.php to whatever you want. It can also prevent a lot of brute force attacks.
7
Author: avryl
8
Author URI: http://profiles.wordpress.org/avryl/
9
+ Version: 1.4
10
Text Domain: rename-wp-login
11
License: GPLv2 or later
12
License URI: http://www.gnu.org/licenses/gpl-2.0.html
13
*/
14
15
+ register_activation_hook( __FILE__, 'rwl_activation' );
16
+ register_uninstall_hook( __FILE__, 'rwl_uninstall' );
17
+
18
+ add_action( 'admin_init', 'rwl_admin_init' );
19
+ add_action( 'admin_notices', 'rwl_admin_notices' );
20
+
21
+ add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), 'rwl_plugin_action_links' );
22
23
function rwl_activation() {
24
+
25
+ add_option( 'rwl_redirect', '1' );
26
+ add_option( 'rwl_admin', '0' );
27
+ add_option( 'rwl_page', wp_unique_post_slug( 'login', 0, 'publish', 'page', 0 ) );
28
+
29
+ }
30
+
31
+ function rwl_uninstall() {
32
+
33
+ delete_option( 'rwl_page' );
34
+ delete_option( 'rwl_admin' );
35
+
36
}
37
38
function rwl_admin_init() {
39
+
40
+ add_settings_section( 'rename-wp-login-section', 'Login', '__return_false', 'permalink' );
41
+
42
+ add_settings_field( 'rwl-page', '<label for="rwl-page-input">Rename wp-login.php</label>', 'rwl_page', 'permalink', 'rename-wp-login-section' );
43
+ add_settings_field( 'rwl-admin', '<label for="rwl-admin-input">Redirect wp-admin to new login page (not recommended)</label>', 'rwl_admin', 'permalink', 'rename-wp-login-section' );
44
+
45
+ if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
46
+
47
+ if ( ! empty( $_POST['rwl_page'] ) ) {
48
+
49
+ update_option( 'rwl_page', wp_unique_post_slug( sanitize_title_with_dashes( $_POST['rwl_page'] ), 0, 'publish', 'page', 0 ) );
50
+
51
}
52
+
53
+ update_option( 'rwl_admin', isset( $_POST['rwl_admin'] ) ? $_POST['rwl_admin'] : '0' );
54
}
55
+
56
+ if ( get_option( 'rwl_redirect' ) == '1' ) {
57
+
58
+ delete_option( 'rwl_redirect' );
59
+
60
+ wp_redirect( admin_url( 'options-permalink.php#rwl-page-input' ) );
61
+
62
}
63
+
64
}
65
66
function rwl_page() {
67
+
68
+ echo '<code>' . site_url() . '/</code> <input id="rwl-page-input" type="text" name="rwl_page" value="' . get_option( 'rwl_page' ) . '" /> <code>/</code>';
69
+
70
}
71
72
function rwl_admin() {
73
+
74
+ echo '<input id="rwl-admin-input" type="checkbox" name="rwl_admin" value="1" ' . checked( get_option( 'rwl_admin' ), true, false ) . ' />';
75
+
76
}
77
78
function rwl_admin_notices() {
79
+
80
+ if ( ! get_option( 'permalink_structure' ) ) {
81
+
82
+ echo '<div class="error"><p><strong>Rename wp-login.php</strong> doesnt work if you’re using the default permalink structure.<br>You must <a href="' . admin_url( 'options-permalink.php' ) . '">choose</a> another permalink structure for it to work.</p></div>';
83
+
84
+ } elseif ( $_GET['settings-updated'] == true ) {
85
+
86
+ echo '<div class="updated"><p>Your login page is now here: <a href="' . site_url() . '/' . get_option( 'rwl_page' ) . '/">' . site_url() . '/<strong>' . get_option( 'rwl_page' ) . '</strong>/</a>. Bookmark this page!</p></div>';
87
+
88
}
89
}
90
91
+ function rwl_plugin_action_links( $links ) {
92
+
93
+ array_unshift( $links, '<a href="options-permalink.php#rwl-page-input">Settings</a>' );
94
+
95
+ return $links;
96
+
97
+ }
98
+
99
+ if ( ! get_option('permalink_structure') )
100
return;
101
102
+ add_action( 'init', 'rwl_init' );
103
+ add_action( 'login_init', 'rwl_login_init' );
104
+
105
+ add_filter( 'site_url', 'rwl_filter_site_url', 10, 4 );
106
+ add_filter( 'login_url', 'rwl_filter_login_url', 10, 2 );
107
+ add_filter( 'logout_url', 'rwl_filter_logout_url', 10, 2 );
108
+ add_filter( 'register_url', 'rwl_filter_register_url', 10, 1 );
109
+ add_filter( 'lostpassword_url', 'rwl_filter_lostpassword_url', 10, 2 );
110
+
111
+ function rwl_init() {
112
+
113
+ if ( is_admin() && ! is_user_logged_in() && ! defined( 'DOING_AJAX' ) && get_option( 'rwl_admin' ) != '1' ) {
114
+
115
+ remove_action( 'wp_head', 'mp6_override_toolbar_margin', 11 );
116
+
117
+ rwl_404();
118
+
119
+ }
120
+
121
+ if ( ! get_option( 'rwl_page' ) || get_option( 'rwl_page' ) == '' ) {
122
+
123
+ update_option( 'rwl_page', wp_unique_post_slug( 'login', 0, 'publish', 'page', 0 ) );
124
+
125
}
126
+
127
+ if ( strpos( $_SERVER['REQUEST_URI'], get_option( 'rwl_page' ) ) ) {
128
+
129
+ $home_url = parse_url( home_url() );
130
+
131
+ $home_path = '';
132
+ if ( isset( $home_url['path'] ) )
133
+ $home_path = $home_url['path'];
134
+ $home_path = trim( $home_path, '/' );
135
+
136
+ $req_uri = $_SERVER['REQUEST_URI'];
137
+ $req_uri_array = explode( '?', $req_uri );
138
+ $req_uri = $req_uri_array[0];
139
+ $req_uri = trim( $req_uri, '/' );
140
+ $req_uri = preg_replace( "|^$home_path|i", '', $req_uri );
141
+ $req_uri = trim( $req_uri, '/' );
142
+
143
+ if ( $req_uri == get_option('rwl_page') ) {
144
+
145
+ status_header( 200 );
146
+
147
+ require_once( dirname( __FILE__ ) . '/wp-login.php' );
148
+
149
+ exit;
150
+
151
+ }
152
}
153
+
154
}
155
156
function rwl_login_init() {
157
+
158
+ if ( strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) ) {
159
+
160
+ rwl_404();
161
+
162
}
163
+
164
}
165
166
+ function rwl_filter_site_url( $url, $path, $scheme, $blog_id ) {
167
+
168
+ return ( strpos( $path, 'wp-login.php' ) !== false && $scheme == 'login_post' ) ? rwl_login_url() . str_replace( 'wp-login.php', '', $path ) : $url;
169
+
170
}
171
172
+ function rwl_filter_login_url( $login_url, $redirect = '' ) {
173
+
174
+ $login_url = rwl_login_url();
175
+
176
+ if ( ! empty( $redirect ) )
177
+ $login_url = add_query_arg( 'redirect_to', urlencode( $redirect ), $login_url );
178
+
179
+ return $login_url;
180
+
181
}
182
183
+ function rwl_filter_logout_url( $login_url, $redirect = '' ) {
184
+
185
+ $args = array();
186
+ $args['action'] = 'logout';
187
+ if ( ! empty( $redirect ) )
188
+ $args['redirect_to'] = urlencode( $redirect );
189
+
190
+ $logout_url = add_query_arg( $args, rwl_login_url() );
191
+ $logout_url = wp_nonce_url( $logout_url, 'log-out' );
192
+
193
+ return $logout_url;
194
}
195
196
+ function rwl_filter_register_url( $register_url ) {
197
+
198
+ return rwl_login_url() . '?action=register';
199
+
200
}
201
202
+ function rwl_filter_lostpassword_url( $lostpassword_url, $redirect = '' ) {
203
+
204
+ $args = array();
205
+ $args['action'] = 'lostpassword';
206
+ if ( ! empty( $redirect) )
207
+ $args['redirect_to'] = urlencode( $redirect );
208
+
209
+ $lostpassword_url = add_query_arg( $args, rwl_login_url() );
210
+
211
+ return $lostpassword_url;
212
}
213
214
+ function rwl_login_url() {
215
+
216
+ return site_url() . '/' . get_option( 'rwl_page' ) . '/';
217
+
218
}
219
220
+ function rwl_404() {
221
+
222
+ global $wp_query;
223
+
224
+ status_header(404);
225
+
226
+ $wp_query->set_404();
227
+
228
+ $template = get_404_template();
229
+
230
+ if ( ! $template )
231
+ $template = get_index_template();
232
+
233
+ if ( $template = apply_filters( 'template_include', $template ) )
234
+ include( $template );
235
+
236
+ exit;
237
+
238
}
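Review bot: Missing authorization check in rwl_admin_init() (new lines 45-54): the `$_SERVER['REQUEST_METHOD'] == 'POST'` branch calls update_option() for rwl_page and rwl_admin directly from $_POST, and no current_user_can() or check_admin_referer() call appears anywhere in the file. The function is hooked to admin_init, which is not limited to the permalink settings screen, so the write should be gated on the manage_options capability and on the permalink form's nonce, and rwl_admin should be stored as a fixed '1' or '0' rather than the raw posted value. Smaller points in the same hunk: rwl_page() and rwl_admin_notices() echo get_option( 'rwl_page' ) and site_url() into HTML without esc_attr(), esc_url() or esc_html(); `$_GET['settings-updated'] == true` is read without isset(); in rwl_init() `$home_path` is interpolated into `preg_replace( "|^$home_path|i", ... )` without preg_quote( $home_path, '|' ); both strpos() checks on `$_SERVER['REQUEST_URI']` rely on truthiness where `!== false` would state the intent; and rwl_uninstall() leaves the rwl_redirect option behind. The unexplained `remove_action( 'wp_head', 'mp6_override_toolbar_margin', 11 )` also deserves a one-line comment saying why it is needed before rwl_404().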