Stealth Login Page - Version 1.1.3

Version Description

Release Info

Developer	peterdog
Plugin	Stealth Login Page
Version	1.1.3
Comparing to
See all releases

Code changes from version 1.1.0 to 1.1.3

Files changed (7) hide show

images/pmg-logo.png +0 -0
includes/settings-page.php +51 -7
languages/{stealth-login-page-de_DE.po → stealth-login-page-de_de.po} +1 -2
languages/stealth-login-page-pl_PL.mo +0 -0
languages/stealth-login-page-pl_PL.po +118 -0
plugin.php +27 -1
readme.txt +26 -1

images/pmg-logo.png ADDED Viewed

Binary file

includes/settings-page.php CHANGED Viewed

@@ -1,11 +1,5 @@
             <?php
-            -
            add_action('admin_menu', 'slp_plugin_menu');
-            -
            function slp_plugin_menu() {
-            -
            	add_options_page( __( 'Stealth Login Page', 'stealth-login-page' ), __( 'Stealth Login Page', 'stealth-login-page' ), 'manage_options', 'stealth-login-page', 'slp_admin' );
-            -
            	    return;
-            -
            }
-            -
             add_action('admin_init', 'slp_register_settings'); // create settings in database
             function slp_register_settings() {
             	register_setting('slp_settings_group', 'slp_settings');
@@ -22,6 +16,11 @@ function slp_email_admin() {
+            	}
+            }
             function slp_admin() {
             	global $slp_options;
@@ -31,7 +30,8 @@ function slp_admin() {
             	<h2><?php _e( 'Stealth Login Page Options', 'stealth-login-page' ); ?></h2>
             	<form method="post" action="options.php">
-            -
            		<?php settings_fields('slp_settings_group'); ?>
             		<h4><?php _e( 'Enable/Disable Stealth Login Page', 'stealth-login-page' ); ?></h4>
@@ -77,4 +77,48 @@ function slp_admin() {
             	</div><!-- .wrap -->
             	<?php
             	echo ob_get_clean();
+            }


1	<?php
2






3	add_action('admin_init', 'slp_register_settings'); // create settings in database
4	function slp_register_settings() {
5	register_setting('slp_settings_group', 'slp_settings');

16	}
17	}
18
19	+ /**
20	+ * Settings page
21	+ *
22	+ * @since 1.0.0
23	+ */
24	function slp_admin() {
25
26	global $slp_options;

30	<h2><?php _e( 'Stealth Login Page Options', 'stealth-login-page' ); ?></h2>
31	<form method="post" action="options.php">
32
33	+ <?php settings_fields('slp_settings_group');
34	+ slp_credits(); ?>
35
36	<h4><?php _e( 'Enable/Disable Stealth Login Page', 'stealth-login-page' ); ?></h4>
37

77	</div><!-- .wrap -->
78	<?php
79	echo ob_get_clean();
80	+ }
81	+
82	+ /*-------------------------------------------------------------
83	+ Name: slp_credits
84	+
85	+ Purpose: Promotional stuff shown throughout the plugin
86	+ Since: 1.1.3
87	+ -------------------------------------------------------------*/
88	+ function slp_credits() {
89	+
90	+ echo '<table class="widefat" style="margin-top: .5em">';
91	+
92	+ echo '<thead>';
93	+ echo '<tr valign="top">';
94	+ echo ' <th width="27%">'.__('Your support makes a difference', 'stealth-login-page').'</th>';
95	+ echo ' <th>'.__('Useful links', 'stealth-login-page').'</th>';
96	+ echo ' <th width="35%">'.__('Brought to you by', 'stealth-login-page').'</th>';
97	+ echo '</tr>';
98	+ echo '</thead>';
99	+
100	+ echo '<tbody>';
101	+ echo '<tr>';
102	+ echo '<td><ul>';
103	+ echo ' <li><center>'.__('Your generous gift will ensure the continued development of Stealth Login Page and bring more benefits and features.
104	+ Thank you for your consideration!', 'stealth-login-page').'</center></li>';
105	+ echo ' <li><center><a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=7T2JDSM64HQV8" target="_blank"><img src="http://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" /></a></center></li>';
106	+ echo ' <li>'.__('Like the plugin? Please ', 'stealth-login-page').' <a href="http://wordpress.org/support/view/plugin-reviews/stealth-login-page?rate=5#postform" target="_blank">'.__('rate and review', 'stealth-login-page').'</a> it.</li>';
107	+ echo '</ul></td>';
108	+
109	+ echo '<td style="border-left:1px #ddd solid;"><ul>';
110	+
111	+ echo ' <li>'.__('Find my website at', 'stealth-login-page').' <a href="http://www.petersenmediagroup.com" target="_blank">petersenmediagroup.com</a>.</li>';
112	+ echo ' <li>'.__('Beef up your security even more with', 'stealth-login-page').' <a href="http://wordpress.org/extend/plugins/limit-login-attempts/" target="_blank">'.__('Limit Login Attempts','stealth-login-page').'</a>.</li>';
113	+ echo ' <li>'.__('Learn more about secure WordPress hosting with a ', 'stealth-login-page').' <a href="http://www.petersenmediagroup.com/wordpress-hosting/" target="_blank">'.__('managed host', 'stealth-login-page').'</a>.</li>';
114	+ echo '</ul></td>';
115	+
116	+ echo '<td style="border-left:1px #ddd solid;"><ul>';
117	+ echo ' <li><a href="http://www.petersenmediagroup.com" title="Petersen Media Group"><img src="'.WP_CONTENT_URL.'/plugins/stealth-login-page/images/pmg-logo.png" alt="pmg-logo" width="150" height="67" align="left" style="padding: 0 10px 10px 0;" /></a>';
118	+ echo ' <a href="http://www.petersenmediagroup.com" title="Petersen Media Group">Petersen Media Group</a> - '.__('I’m a straight-shooter and listen to what my clients want, run it through my filters, and come up with what they need. Not a "yes man" by any stretch of the imagination, I don’t consider a project a success unless it serves my client well. I have a "do no harm" policy to protect them from mis-information and trying things I’ve already learned about the hard way.', 'stealth-login-page').' '.__('Visit the', 'stealth-login-page').' <a href="http://www.petersenmediagroup.com" target="_blank">'.__('Petersen Media Group', 'stealth-login-page').'</a> '.__('website', 'stealth-login-page').'.</li>';
119	+ echo '</ul></td>';
120	+ echo '</tr>';
121	+ echo '</tbody>';
122	+
123	+ echo '</table>';
124	}

languages/{stealth-login-page-de_DE.po → stealth-login-page-de_de.po} RENAMED Viewed

	@@ -137,5 +137,4 @@ msgstr "1.0.0"
137	#@ stealth-login-page
138	#: plugin.php:36
139	msgid "Sorry, you are not allowed to access this page directly."
140	- msgstr "Entschuldigung, aber Ihnen ist es nicht erlaubt auf diese Seite direkt zuzugreifen."
141	-


137	#@ stealth-login-page
138	#: plugin.php:36
139	msgid "Sorry, you are not allowed to access this page directly."
140	+ msgstr "Entschuldigung, aber Ihnen ist es nicht erlaubt auf diese Seite direkt zuzugreifen."

languages/stealth-login-page-pl_PL.mo ADDED Viewed

Binary file

languages/stealth-login-page-pl_PL.po ADDED Viewed

	@@ -0,0 +1,118 @@


1	+ # This file is distributed under the same license as the Stealth Login Page package.
2	+ msgid ""
3	+ msgstr ""
4	+ "Project-Id-Version: Stealth Login Page\n"
5	+ "POT-Creation-Date: \n"
6	+ "PO-Revision-Date: 2013-04-12 10:01+0100\n"
7	+ "Last-Translator: Ryszard Wojniusz <rwpb@o2.pl>\n"
8	+ "Language-Team: rwpb <rwpb@o2.pl>\n"
9	+ "Language: pl_PL\n"
10	+ "MIME-Version: 1.0\n"
11	+ "Content-Type: text/plain; charset=UTF-8\n"
12	+ "Content-Transfer-Encoding: 8bit\n"
13	+ "Plural-Forms: nplurals=2; plural=n != 1;\n"
14	+ "X-Generator: Poedit 1.5.5\n"
15	+ "X-Poedit-SourceCharset: UTF-8\n"
16	+
17	+ #: includes/settings-page.php:5 plugin.php:0
18	+ msgid "Stealth Login Page"
19	+ msgstr "Ukryta strona logowania"
20	+
21	+ #: includes/settings-page.php:19
22	+ msgid "Custom login URL for %s"
23	+ msgstr "Nowy adres logowania dla %s"
24	+
25	+ #: includes/settings-page.php:20
26	+ msgid "Your custom login URL for %1$s is %2$s"
27	+ msgstr "Twój nowy adres URL do %1$s to %2$s"
28	+
29	+ #: includes/settings-page.php:31
30	+ msgid "Stealth Login Page Options"
31	+ msgstr "Opcje wtyczki Ukryta strona logowania"
32	+
33	+ #: includes/settings-page.php:36
34	+ msgid "Enable/Disable Stealth Login Page"
35	+ msgstr "Włącz/wyłącz Ukrytą stronę logowania"
36	+
37	+ #: includes/settings-page.php:40
38	+ msgid "Enable Stealth Mode"
39	+ msgstr "Ukryj stronę logowania"
40	+
41	+ #: includes/settings-page.php:42
42	+ msgid ""
43	+ "Those attempting to gain access to your login form will be automatcally "
44	+ "redirected to a customizble URL. Enter that URL below."
45	+ msgstr ""
46	+ "Przy próbie dostępu do dotychczasowej strony logowania nastąpi automatyczne "
47	+ "przekierowanie na inny adres URL. Wprowadź adres URL, na który ma następić "
48	+ "przekierowanie."
49	+
50	+ #: includes/settings-page.php:44
51	+ msgid "URL to redirect unauthorized attempts to"
52	+ msgstr "Adres URL przekierowania przy nieautoryzowanej próbie dostępu "
53	+
54	+ #: includes/settings-page.php:48
55	+ msgid ""
56	+ "The first part of the new URL string to reach your login form is the "
57	+ "\"question.\" It is just an arbitrary word or code. Complexity will not "
58	+ "matter much at this time."
59	+ msgstr ""
60	+ "Pierwsza część nowego adresu URL nazywana jest \"pytaniem.\" Możesz tu użyć "
61	+ "jakiegoś słowa lub kodu liczbowego . Złożoność nie ma większego znaczenia w "
62	+ "tym momencie."
63	+
64	+ #: includes/settings-page.php:50
65	+ msgid "String used for the \"question\""
66	+ msgstr "Wyrażenie użyte jako \"pytanie\""
67	+
68	+ #: includes/settings-page.php:54
69	+ msgid ""
70	+ "The second part of the new URL string to reach your login form is the "
71	+ "\"answer.\" It is also just an arbitrary word or code."
72	+ msgstr ""
73	+ "Druga część nowego adresu URL nazywana jest \"odpowiedzią.\" Możesz tu użyć "
74	+ "jakiegoś słowa lub kodu liczbowego."
75	+
76	+ #: includes/settings-page.php:56
77	+ msgid "String used for the \"answer\""
78	+ msgstr "Wyrażenie użyte jako \"odpowiedź\""
79	+
80	+ #: includes/settings-page.php:63
81	+ msgid "Email login URL to admin"
82	+ msgstr "Wyślij nowy adres logowania do administratora"
83	+
84	+ #: includes/settings-page.php:67
85	+ msgid "Save Settings"
86	+ msgstr "Zapisz opcje"
87	+
88	+ #: includes/settings-page.php:73
89	+ msgid "Your custom login URL is:"
90	+ msgstr "Twój nowy adres URL do logowania:"
91	+
92	+ #: plugin.php:0
93	+ msgid "http://www.petersenmediagroup.com/plugins/stealth-login-page"
94	+ msgstr "http://www.petersenmediagroup.com/plugins/stealth-login-page"
95	+
96	+ #: plugin.php:0
97	+ msgid ""
98	+ "Protect your /wp-admin and wp-login.php pages from being accessed without "
99	+ "editing .htaccess"
100	+ msgstr ""
101	+ "Ukryj dostęp do administracji swojej strony ( /wp-admin i wp-login.php ) "
102	+ "przed nieautoryzowanym dostępem bez edycji pliku .htaccess"
103	+
104	+ #: plugin.php:0
105	+ msgid "Jesse Petersen"
106	+ msgstr "Jesse Petersen"
107	+
108	+ #: plugin.php:0
109	+ msgid "http://www.petersenmediagroup.com"
110	+ msgstr "http://www.petersenmediagroup.com"
111	+
112	+ #: plugin.php:0
113	+ msgid "1.0.0"
114	+ msgstr "1.0.0"
115	+
116	+ #: plugin.php:36
117	+ msgid "Sorry, you are not allowed to access this page directly."
118	+ msgstr "Nie jest możliwe bezpośrednie wywołanie tej strony. Przepraszam."

plugin.php CHANGED Viewed

@@ -2,7 +2,7 @@
             /*
               Plugin Name: Stealth Login Page
               Plugin URI: http://www.petersenmediagroup.com/plugins/stealth-login-page
-            -
              Version: 1.1.1
               Author: Jesse Petersen
               Author URI: http://www.petersenmediagroup.com
               Description: Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess
@@ -48,6 +48,32 @@ function slp_load_plugin_translations() {
+            }
             // Global Variables ---------------------- //
             $slp_prefix = 'slp_';
             $slp_plugin_name = 'Stealth Login Page';


2	/*
3	Plugin Name: Stealth Login Page
4	Plugin URI: http://www.petersenmediagroup.com/plugins/stealth-login-page
5	+ Version: 1.1.3
6	Author: Jesse Petersen
7	Author URI: http://www.petersenmediagroup.com
8	Description: Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess

48
49	}
50
51	+ add_action('admin_menu', 'slp_plugin_menu');
52	+ function slp_plugin_menu() {
53	+ add_options_page( __( 'Stealth Login Page', 'stealth-login-page' ), __( 'Stealth Login Page', 'stealth-login-page' ), 'manage_options', 'stealth-login-page', 'slp_admin' );
54	+ return;
55	+ }
56	+
57	+ /**
58	+ * Add settings link on plugin page
59	+ *
60	+ * @since 1.1.3
61	+ * @param array $links
62	+ * @param string $file
63	+ * @return array
64	+ */
65	+ add_filter( 'plugin_action_links', 'slp_admin_settings_link', 10, 2 );
66	+ function slp_admin_settings_link( $links, $file ) {
67	+
68	+ if ( plugin_basename(__FILE__) == $file ) {
69	+ $settings_link = '<a href="' . admin_url( 'options-general.php?page=stealth-login-page' ) . '">' . __( 'Settings', 'stealth-login-page' ) . '</a>';
70	+ array_unshift( $links, $settings_link );
71	+ }
72	+
73	+ return $links;
74	+
75	+ }
76	+
77	// Global Variables ---------------------- //
78	$slp_prefix = 'slp_';
79	$slp_plugin_name = 'Stealth Login Page';

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
4	Tags: login, wp-admin, redirect, security, 302
5	Requires at least: 3.4.2
6	Tested up to: 3.5.1
7	- Stable tag: 1.1.1
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
	@@ -26,6 +26,10 @@ When using a login limiting plugin, it is possible that someone is on your netwo
26
27	This does NOT replace the need for security "best practices" such as a strong password or a secure hosting environment. This is an additional layer of security, best combined with a login limiter such as <a href="http://wordpress.org/extend/plugins/limit-login-attempts/">Limit Login Attempts</a> or <a href="http://wordpress.org/extend/plugins/login-lockdown/">Login Lockdown</a>.
28




29	== Installation ==
30
31	1. Upload contents of the directory to /wp-content/plugins/ (or use the automatic installer)
	@@ -39,6 +43,10 @@ This does NOT replace the need for security "best practices" such as a strong pa
39
40	Absolutely.
41




42	= Are both the redirected folder /wp-admin and the page wp-login.php secured? =
43
44	Yes, as long as you are not actively logged into the site on that computer. You may enter your dashboard normally if you're in an active session. Once the session expires, you're further protected by it automatically redirecting rather than gaining access to the login form since WordPress redirects session timeouts to wp-login.php, unaware of the new URL string.
	@@ -55,6 +63,14 @@ See more [examples](http://www.petersenmediagroup.com/plugins/stealth-login-page
55
56	== Changelog ==
57








58	= 1.1.1 =
59	* Bugfix: PHP debug error when activated by not enabled.
60	* Elaborated readme.txt to point out that this does not replace "best practices" for security protocol in other areas. This is simply another layer.
	@@ -67,6 +83,15 @@ See more [examples](http://www.petersenmediagroup.com/plugins/stealth-login-page
67
68	== Upgrade Notice ==
69









70	= 1.1.1 =
71	* Bugfix: PHP debug error when activated by not enabled.
72	* Elaborated readme.txt to point out that this does not replace "best practices" for security protocol in other areas. This is simply another layer.


4	Tags: login, wp-admin, redirect, security, 302
5	Requires at least: 3.4.2
6	Tested up to: 3.5.1
7	+ Stable tag: 1.1.3
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10

26
27	This does NOT replace the need for security "best practices" such as a strong password or a secure hosting environment. This is an additional layer of security, best combined with a login limiter such as <a href="http://wordpress.org/extend/plugins/limit-login-attempts/">Limit Login Attempts</a> or <a href="http://wordpress.org/extend/plugins/login-lockdown/">Login Lockdown</a>.
28
29	+ = WP 3.6 Warning =
30	+
31	+ It has come to my attention that the new WP 3.6 session timeout function opens up the login form but it doesn't have any idea about the new URL to avoid a redirect, so it will automatically redirect when this happens. I AM trying to fix this before 3.6 drops, but please be aware of this if you don't see v 1.2.1 and you've upgraded to WP 3.6 or 3.6-beta.
32	+
33	== Installation ==
34
35	1. Upload contents of the directory to /wp-content/plugins/ (or use the automatic installer)

43
44	Absolutely.
45
46	+ = I noticed Limit Login Attempts or Login Lockdown still reporting lockouts. Why? =
47	+
48	+ We've realized that bots (or really bored people) can enter a URL string in the address bar that attempts to log in without ever showing the login form. If the guess is unsuccessful, then they are redirected just the same and their IP address is logged by the other plugins. This reinforces the need for a 3-prong approach: strong credentials, login limiter plugin, and a stealthy login page.
49	+
50	= Are both the redirected folder /wp-admin and the page wp-login.php secured? =
51
52	Yes, as long as you are not actively logged into the site on that computer. You may enter your dashboard normally if you're in an active session. Once the session expires, you're further protected by it automatically redirecting rather than gaining access to the login form since WordPress redirects session timeouts to wp-login.php, unaware of the new URL string.

63
64	== Changelog ==
65
66	+ = 1.1.3=
67	+ * Added Settings Link on the Plugins page to link to the settings.
68	+ * Added useful links to the settings page.
69	+
70	+ = 1.1.2 =
71	+ * Polish localization.
72	+ * Updated FAQ with new information on why lockouts can still happen. I am working out how to protect from that, also, if it is at all possible.
73	+
74	= 1.1.1 =
75	* Bugfix: PHP debug error when activated by not enabled.
76	* Elaborated readme.txt to point out that this does not replace "best practices" for security protocol in other areas. This is simply another layer.

83
84	== Upgrade Notice ==
85
86	+ = 1.1.3=
87	+ * Added some more IP address security - to be updated periodically.
88	+ * Added Settings Link on the Plugins page to link to the settings.
89	+ * Added useful links to the settings page.
90	+
91	+ = 1.1.2 =
92	+ * Polish localization.
93	+ * Updated FAQ with new information on why lockouts can still happen. I am working out how to protect from that, also, if it is at all possible.
94	+
95	= 1.1.1 =
96	* Bugfix: PHP debug error when activated by not enabled.
97	* Elaborated readme.txt to point out that this does not replace "best practices" for security protocol in other areas. This is simply another layer.