Move Login - Version 0.1

Version Description

  • 2013/06/03
  • First public beta release
  • Thanks to juliobox, who's joining the project :)

=

Download this release

Release Info

Developer GregLone
Plugin Icon 128x128 Move Login
Version 0.1
Comparing to
See all releases

Version 0.1

Files changed (4) hide show
  1. languages/sfml-fr_FR.mo +0 -0
  2. languages/sfml-fr_FR.po +38 -0
  3. readme.txt +75 -0
  4. sf-move-login.php +251 -0
languages/sfml-fr_FR.mo ADDED
Binary file
languages/sfml-fr_FR.po ADDED
@@ -0,0 +1,38 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ # LANGUAGE French translation for SF Move Login plugin for WordPress.
2
+ # Copyright (C) 2013 Grégory Viguier
3
+ # Grégory Viguier.
4
+ #
5
+ msgid ""
6
+ msgstr ""
7
+ "Project-Id-Version: w3p-acpt 0.3\n"
8
+ "Report-msgid -Bugs-To: http://scri.in/contact/\n"
9
+ "POT-Creation-Date: 2013-06-01 00:04+0100\n"
10
+ "PO-Revision-Date: 2013-06-03 01:57+0100\n"
11
+ "Last-Translator: Grégory Viguier <gregory@screenfeed.fr>\n"
12
+ "Language-Team: fr_FR\n"
13
+ "MIME-Version: 1.0\n"
14
+ "Content-Type: text/plain; charset=utf-8\n"
15
+ "Content-Transfer-Encoding: 8bit\n"
16
+ "Plural-Forms: nplurals=2; plural=n>1;\n"
17
+ "X-Poedit-SourceCharset: utf-8\n"
18
+ "X-Poedit-KeywordsList: __;_e\n"
19
+ "Language: fr_FR\n"
20
+ "X-Generator: Poedit 1.5.5\n"
21
+
22
+ msgid "Change your login url to http://example.com/login"
23
+ msgstr "Changez l'url de votre page de connexion pour http://example.com/login"
24
+
25
+ msgid "Please Make sure to enable %s."
26
+ msgstr "Assurez-vous d'activer les %s."
27
+
28
+ msgid "It seems your server configuration prevent the plugin to work properly. <i>SF Move Login</i> will not be activated."
29
+ msgstr "Il semble que votre configuration serveur empêche l'extension de fonctionner correctement. <i>SF Move Login</i> ne sera pas activé."
30
+
31
+ msgid "<strong>SF Move Login</strong> has not been activated."
32
+ msgstr "<strong>SF Move Login</strong> n'a pas été activé."
33
+
34
+ msgid "<i>SF Move Login</i> needs access to the %1$s file. Please visit the %2$s settings page and copy/paste the given code into the %1$s file."
35
+ msgstr "<i>SF Move Login</i> a besoin d'accéder au fichier %1$s. Merci de vous rendre sur la page de réglages des %2$s et de copier/coller le code fourni dans le fichier %1$s."
36
+
37
+ msgid "No no no, the login form is not here."
38
+ msgstr "Non non non, le formulaire de connexion ne se trouve pas ici."
readme.txt ADDED
@@ -0,0 +1,75 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ === SF Move Login ===
2
+
3
+ Contributors: GregLone, juliobox
4
+ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=UBY2MY2J4YB7J&item_number=SF-Move-Login
5
+ Tags: login, logout, url, security
6
+ Requires at least: 3.0
7
+ Tested up to: 3.6-beta3
8
+ Stable tag: trunk
9
+ License: GPLv3
10
+
11
+ Change your login url to http://example.com/login.
12
+
13
+
14
+ == Description ==
15
+
16
+ This plugin forbids access to **http://example.com/wp-login.php** and creates new urls, like **http://example.com/login** or **http://example.com/logout**.
17
+
18
+ This is a great way to limit bots trying to brute-forcing your login (trying to guess your login and password). Of course, the new urls are easier to remember too.
19
+ The plugin is small, fast, and does not create new security vulnerabilities like some other plugins I've seen.
20
+
21
+ No settings: activate, it works.
22
+
23
+ Also remember: using this plugin does NOT exempt you to use a strong password. Moreover, never use "admin" as login, this is the first attempt for bots.
24
+
25
+ **Please note that the plugin works properly so far, but still in beta.**
26
+
27
+ = Translations =
28
+
29
+ * English
30
+ * French
31
+
32
+ = Multisite =
33
+
34
+ Not tested, but should be ready for Multisite.
35
+
36
+ = Requirements =
37
+
38
+ See some important informations in the "Installation" tab.
39
+
40
+
41
+ == Installation ==
42
+
43
+ 1. Extract the plugin folder from the downloaded ZIP file.
44
+ 2. Upload sf-move-login folder to your `/wp-content/plugins/` directory.
45
+ 3. Enable url rewriting in the permalinks settings page.
46
+ 4. if you have another plugin that redirects **http://example.com/login** to **http://example.com/wp-login.php** (a short-links plugin for example), disable it or remove the redirection, otherwise they will conflict and you'll be locked out. See the faq in case you're not able to reach the login page (make sure to have a ftp access to your site).
47
+ 5. Activate the plugin from the "Plugins" page.
48
+ 6. If the plugin can't write your `.htaccess` file, you'll need to edit it yourself with a ftp access.
49
+
50
+
51
+ == Frequently Asked Questions ==
52
+
53
+ = Can I set my own urls? =
54
+
55
+ Nop, sorry. I prefer keep the plugin as simple as possible.
56
+
57
+ = I'm locked out! I can't access the login page! =
58
+
59
+ You're screwed! No, I'm kidding, but you need a ftp access to your site. When logged in with your ftp software, open the file wp-config.php located at the root of your installation. Simply add this in the file: `define('SFML_ALLOW_LOGIN_ACCESS', true);` and save the file. This will bypass the plugin and you'll be able to access **http://example.com/wp-login.php**. Another plugin may conflict, you'll need to find which one before removing this new line of code.
60
+
61
+ Eventually, check out [my blog](http://www.screenfeed.fr/sfml/) for more infos, help, or bug reports (sorry guys, it's in french, but feel free to leave a comment in english).
62
+
63
+
64
+ == Changelog ==
65
+
66
+ = 0.1 =
67
+
68
+ * 2013/06/03
69
+ * First public beta release
70
+ * Thanks to juliobox, who's joining the project :)
71
+
72
+
73
+ == Upgrade Notice ==
74
+
75
+ Nothing special
sf-move-login.php ADDED
@@ -0,0 +1,251 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /*
3
+ * Plugin Name: SF Move Login
4
+ * Plugin URI: http://www.screenfeed.fr
5
+ * Description: Change your login url to http://example.com/login
6
+ * Version: 0.1
7
+ * Author: Grégory Viguier
8
+ * Author URI: http:www.screenfeed.fr/greg/
9
+ * License: GPLv3
10
+ * Require: WordPress 3.0
11
+ * Text Domain: sfml
12
+ * Domain Path: /languages/
13
+ */
14
+
15
+ /* ----------------------------------------------------------------------------- */
16
+ /* */
17
+ /* Activation / Deactivation */
18
+ /* */
19
+ /* ----------------------------------------------------------------------------- */
20
+
21
+ register_activation_hook( __FILE__, 'sfml_activate' );
22
+ function sfml_activate() {
23
+ $dies = array();
24
+ $notices = array();
25
+ $home_path = get_home_path();
26
+ load_plugin_textdomain( 'sfml', false, basename( dirname( __FILE__ ) ) . '/languages/' ); // wp_die() will need i18n
27
+
28
+ if ( iis7_supports_permalinks() ) {
29
+ if ( !( ( !file_exists($home_path . 'web.config') && win_is_writable($home_path) ) || win_is_writable($home_path . 'web.config') ) )
30
+ $notices[] = 'htaccess_not_writable';
31
+ } else {
32
+ if ( !( ( !file_exists($home_path . '.htaccess') && is_writable($home_path) ) || is_writable($home_path . '.htaccess') ) )
33
+ $notices[] = 'htaccess_not_writable';
34
+ }
35
+ if ( !get_option('permalink_structure') )
36
+ $dies[] = sprintf(__('Please Make sure to enable %s.', 'sfml'), '<a href="options-permalink.php">'.__('Permalinks').'</a>');
37
+
38
+ if ( empty($GLOBALS['HTTP_SERVER_VARS']['REQUEST_URI']) && empty($_SERVER['REQUEST_URI']) )
39
+ $dies[] = __('It seems your server configuration prevent the plugin to work properly. <i>SF Move Login</i> will not be activated.', 'sfml');
40
+
41
+ if ( count($dies) ) {
42
+ wp_die( __('<strong>SF Move Login</strong> has not been activated.', 'sfml').'<br/>'.implode('<br/>', $dies), __('Error'), array('back_link' => true) );
43
+ } else {
44
+ if ( count($notices) )
45
+ set_transient('sfml_notices-'.get_current_user_id(), $notices);
46
+ sfml_rewrite();
47
+ flush_rewrite_rules();
48
+ }
49
+ }
50
+
51
+
52
+ register_deactivation_hook( __FILE__, 'flush_rewrite_rules' );
53
+
54
+
55
+ // !Admin notices
56
+
57
+ add_action('admin_init', 'sfml_notices');
58
+ function sfml_notices() {
59
+ $user_id = get_current_user_id();
60
+ $notices = get_transient('sfml_notices-'.$user_id);
61
+
62
+ if ( $notices && is_array($notices) && count($notices) ) {
63
+ foreach ( $notices as $notice ) {
64
+ add_action('admin_notices', 'sfml_'.$notice.'_notice');
65
+ }
66
+ delete_transient('sfml_notices-'.$user_id);
67
+ }
68
+ }
69
+
70
+
71
+ function sfml_htaccess_not_writable_notice() {
72
+ $file = iis7_supports_permalinks() ? '<code>web.config</code>' : '<code>.htaccess</code>';
73
+ echo '<div class="error"><p>'
74
+ .sprintf(
75
+ __('<i>SF Move Login</i> needs access to the %1$s file. Please visit the %2$s settings page and copy/paste the given code into the %1$s file.', 'sfml'),
76
+ $file,
77
+ '<a href="options-permalink.php">'.__('Permalinks').'</a>'
78
+ )
79
+ .'</p></div>';
80
+ }
81
+
82
+
83
+ /* ----------------------------------------------------------------------------- */
84
+ /* */
85
+ /* i18n support */
86
+ /* */
87
+ /* ----------------------------------------------------------------------------- */
88
+
89
+ add_action( 'init', 'sfml_lang_init' );
90
+ function sfml_lang_init() {
91
+ load_plugin_textdomain( 'sfml', false, basename( dirname( __FILE__ ) ) . '/languages/' );
92
+ }
93
+
94
+
95
+ /* ----------------------------------------------------------------------------- */
96
+ /* */
97
+ /* Rewrite rules */
98
+ /* */
99
+ /* ----------------------------------------------------------------------------- */
100
+
101
+ add_action( 'setup_theme', 'sfml_rewrite' );
102
+ function sfml_rewrite() {
103
+ add_rewrite_rule( 'login/?([\?&].*)?$', 'wp-login.php', 'top' );
104
+ $actions = array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register' );
105
+ foreach ( $actions as $action ) {
106
+ add_rewrite_rule( $action.'/?([\?&].*)?$', 'wp-login.php?action='.$action, 'top' );
107
+ }
108
+ }
109
+
110
+
111
+ /* ----------------------------------------------------------------------------- */
112
+ /* */
113
+ /* Bypass */
114
+ /* */
115
+ /* ----------------------------------------------------------------------------- */
116
+
117
+ if ( defined('SFML_ALLOW_LOGIN_ACCESS') && SFML_ALLOW_LOGIN_ACCESS )
118
+ return;
119
+
120
+
121
+ /* ----------------------------------------------------------------------------- */
122
+ /* */
123
+ /* Filter urls */
124
+ /* */
125
+ /* ----------------------------------------------------------------------------- */
126
+
127
+ // !Site URL
128
+ add_filter( 'site_url', 'sfml_site_url', 10, 4);
129
+ function sfml_site_url( $url, $path, $scheme, $blog_id ) {
130
+ if ( ($scheme === 'login' || $scheme === 'login_post') && !empty($path) && is_string($path) && strpos($path, '..') === false && strpos($path, 'wp-login.php') !== false ) {
131
+ // Base url
132
+ if ( empty( $blog_id ) || !is_multisite() ) {
133
+ $url = get_option( 'siteurl' );
134
+ } else {
135
+ switch_to_blog( $blog_id );
136
+ $url = get_option( 'siteurl' );
137
+ restore_current_blog();
138
+ }
139
+ $url = set_url_scheme( $url, $scheme );
140
+
141
+ // Action
142
+ $parsed_path = parse_url( $path );
143
+ if ( !empty( $parsed_path['query'] ) ) {
144
+ wp_parse_str( $parsed_path['query'], $params );
145
+ $action = !empty( $params['action'] ) ? $params['action'] : 'login';
146
+
147
+ if ( isset( $params['key'] ) )
148
+ $action = 'resetpass';
149
+
150
+ if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) )
151
+ $action = 'login';
152
+ } else
153
+ $action = 'login';
154
+
155
+ // Path
156
+ $path = str_replace('wp-login.php', $action, $path);
157
+ $path = remove_query_arg('action', $path);
158
+
159
+ return $url . '/' . ltrim( $path, '/' );
160
+ }
161
+ return $url;
162
+ }
163
+
164
+
165
+ // !Network site URL
166
+ add_filter( 'network_site_url', 'sfml_site_url', 10, 3);
167
+
168
+ // !Utility: /login?action=logout -> /logout
169
+ function sfml_login_to_action( $link, $action ) {
170
+ if ( $link && strpos($link, '/'.$action) === false )
171
+ return str_replace(array('/login', '&amp;', '?amp;', '&'), array('/'.$action, '&', '?', '&amp;'), remove_query_arg('action', $link));
172
+ return $link;
173
+ }
174
+
175
+
176
+ // !Logout url: wp_logout_url() add the action param after using site_url()
177
+ add_filter( 'logout_url', 'sfml_logout_url' );
178
+ function sfml_logout_url( $link ) {
179
+ return sfml_login_to_action( $link, 'logout' );
180
+ }
181
+
182
+
183
+ // !Forgot password url: lostpassword_url() add the action param after using site_url()
184
+ add_filter( 'lostpassword_url', 'sfml_lostpass_url' );
185
+ function sfml_lostpass_url( $link ) {
186
+ return sfml_login_to_action( $link, 'lostpassword' );
187
+ }
188
+
189
+
190
+ /* ----------------------------------------------------------------------------- */
191
+ /* */
192
+ /* Redirections */
193
+ /* */
194
+ /* ----------------------------------------------------------------------------- */
195
+
196
+ // !Redirections are hard-coded
197
+ add_filter('wp_redirect', 'sfml_redirect', 10, 2);
198
+ function sfml_redirect( $location, $status ) {
199
+ if ( site_url( reset( explode( '?', $location ) ) ) == site_url( 'wp-login.php' ) )
200
+ return sfml_site_url( $location, $location, 'login' );
201
+
202
+ return $location;
203
+ }
204
+
205
+
206
+ /* ----------------------------------------------------------------------------- */
207
+ /* */
208
+ /* Block access to wp-login.php */
209
+ /* */
210
+ /* ----------------------------------------------------------------------------- */
211
+
212
+ // !No, you won't use wp-login.php
213
+ add_action( 'login_init', 'sfml_login_init', 0 );
214
+ function sfml_login_init() {
215
+ $uri = !empty($GLOBALS['HTTP_SERVER_VARS']['REQUEST_URI']) ? $GLOBALS['HTTP_SERVER_VARS']['REQUEST_URI'] : (!empty($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '');
216
+ $uri = parse_url( $uri );
217
+ $uri = !empty($uri['path']) ? str_replace( '/', '', basename($uri['path']) ) : '';
218
+
219
+ if ( $uri === 'wp-login.php' )
220
+ wp_die(__('No no no, the login form is not here.', 'sfml'));
221
+ }
222
+
223
+
224
+ /* ----------------------------------------------------------------------------- */
225
+ /* */
226
+ /* For WP < 3.4 */
227
+ /* */
228
+ /* ----------------------------------------------------------------------------- */
229
+
230
+ if ( !function_exists('set_url_scheme') ):
231
+ function set_url_scheme( $url, $scheme = null ) {
232
+ $orig_scheme = $scheme;
233
+ if ( ! in_array( $scheme, array( 'http', 'https', 'relative' ) ) ) {
234
+ if ( ( 'login_post' == $scheme || 'rpc' == $scheme ) && ( force_ssl_login() || force_ssl_admin() ) )
235
+ $scheme = 'https';
236
+ elseif ( ( 'login' == $scheme ) && force_ssl_admin() )
237
+ $scheme = 'https';
238
+ elseif ( ( 'admin' == $scheme ) && force_ssl_admin() )
239
+ $scheme = 'https';
240
+ else
241
+ $scheme = ( is_ssl() ? 'https' : 'http' );
242
+ }
243
+
244
+ if ( 'relative' == $scheme )
245
+ $url = preg_replace( '#^.+://[^/]*#', '', $url );
246
+ else
247
+ $url = preg_replace( '#^.+://#', $scheme . '://', $url );
248
+
249
+ return apply_filters( 'set_url_scheme', $url, $scheme, $orig_scheme );
250
+ }
251
+ endif;