Version Description
- Plugged security hole that allowed remote form submissions - CRITICAL UPDATE
- Requires all fields be filled in on the settings page to avoid saving incomplete entries.
Download this release
Release Info
Developer | peterdog |
Plugin | Stealth Login Page |
Version | 2.0.0 |
Comparing to | |
See all releases |
Code changes from version 1.1.2 to 2.0.0
- images/pmg-logo.png +0 -0
- includes/display-functions.php +12 -5
- includes/settings-page.php +11 -9
- languages/{stealth-login-page-de_DE.po → stealth-login-page-de_de.po} +1 -2
- languages/stealth-login-page-pl_PL.mo +0 -0
- languages/stealth-login-page-pl_PL.po +85 -3
- languages/stealth-login-page.pot +77 -1
- plugin.php +28 -1
- readme.txt +24 -2
images/pmg-logo.png
ADDED
Binary file
|
includes/display-functions.php
CHANGED
@@ -10,21 +10,28 @@
|
|
10 |
add_action( 'login_init', 'slp_login_stringcheck' );
|
11 |
function slp_login_stringcheck() {
|
12 |
|
13 |
-
global $slp_options;
|
14 |
|
15 |
-
|
16 |
$redirect = $slp_options['redirect_url'];
|
17 |
$question = $slp_options['question'];
|
18 |
$answer = $slp_options['answer'];
|
19 |
|
|
|
|
|
|
|
20 |
if ( ! isset( $_GET[$question] ) )
|
21 |
wp_redirect( esc_url_raw ($redirect), 302 );
|
22 |
-
|
23 |
-
|
24 |
// check for correct answer
|
25 |
if ( isset( $_GET[$question ] ) ) {
|
26 |
|
27 |
-
if ( $_GET[$question] !== $answer )
|
28 |
wp_redirect( esc_url_raw ($redirect), 302 );
|
|
|
|
|
|
|
|
|
|
|
29 |
}
|
30 |
}
|
10 |
add_action( 'login_init', 'slp_login_stringcheck' );
|
11 |
function slp_login_stringcheck() {
|
12 |
|
13 |
+
global $slp_options, $custom_url;
|
14 |
|
15 |
+
// set the location a failed attempt goes to
|
16 |
$redirect = $slp_options['redirect_url'];
|
17 |
$question = $slp_options['question'];
|
18 |
$answer = $slp_options['answer'];
|
19 |
|
20 |
+
// set the request URL
|
21 |
+
$form_request = site_url() . $_SERVER['REQUEST_URI'];
|
22 |
+
|
23 |
if ( ! isset( $_GET[$question] ) )
|
24 |
wp_redirect( esc_url_raw ($redirect), 302 );
|
25 |
+
|
|
|
26 |
// check for correct answer
|
27 |
if ( isset( $_GET[$question ] ) ) {
|
28 |
|
29 |
+
if ( $_GET[$question] !== $answer ) {
|
30 |
wp_redirect( esc_url_raw ($redirect), 302 );
|
31 |
+
|
32 |
+
if ( $form_request !== $custom_url ) {
|
33 |
+
wp_redirect( esc_url_raw ($redirect), 302 );
|
34 |
+
}
|
35 |
+
}
|
36 |
}
|
37 |
}
|
includes/settings-page.php
CHANGED
@@ -23,7 +23,7 @@ function slp_email_admin() {
|
|
23 |
*/
|
24 |
function slp_admin() {
|
25 |
|
26 |
-
global $slp_options;
|
27 |
|
28 |
ob_start(); ?>
|
29 |
<div class="wrap">
|
@@ -43,19 +43,19 @@ function slp_admin() {
|
|
43 |
|
44 |
<label class="description" for="slp_settings[redirect_url]"><?php _e( 'URL to redirect unauthorized attempts to', 'stealth-login-page' ); ?></label>
|
45 |
|
46 |
-
<input type="text" id="slp_settings[redirect_url]" name="slp_settings[redirect_url]" value="<?php echo $slp_options['redirect_url']; ?>" />
|
47 |
|
48 |
<p><?php _e( 'The first part of the new URL string to reach your login form is the "question." It is just an arbitrary word or code. Complexity will not matter much at this time.', 'stealth-login-page' ); ?></p>
|
49 |
|
50 |
<label class="description" for="slp_settings[question]"><?php _e( 'String used for the "question"', 'stealth-login-page' ); ?></label>
|
51 |
|
52 |
-
<input type="text" id="slp_settings[question]" name="slp_settings[question]" value="<?php echo $slp_options['question']; ?>" />
|
53 |
|
54 |
<p><?php _e( 'The second part of the new URL string to reach your login form is the "answer." It is also just an arbitrary word or code.', 'stealth-login-page' ); ?></p>
|
55 |
|
56 |
<label class="description" for="slp_settings[answer]"><?php _e( 'String used for the "answer"', 'stealth-login-page' ); ?></label>
|
57 |
|
58 |
-
<input type="text" id="slp_settings[answer]" name="slp_settings[answer]" value="<?php echo $slp_options['answer']; ?>" />
|
59 |
|
60 |
<p>
|
61 |
<input id="email-admin" type="checkbox" name="email-admin" value="0" />
|
@@ -68,9 +68,11 @@ function slp_admin() {
|
|
68 |
</p>
|
69 |
</form>
|
70 |
|
71 |
-
<?php
|
|
|
|
|
72 |
<div class="custom-url">
|
73 |
-
<p><?php _e( 'Your custom login URL is:', 'stealth-login-page' ); ?> <a href="<?php echo
|
74 |
</div>
|
75 |
<?php } ?>
|
76 |
|
@@ -100,10 +102,10 @@ function slp_credits() {
|
|
100 |
echo '<tbody>';
|
101 |
echo '<tr>';
|
102 |
echo '<td><ul>';
|
103 |
-
echo ' <li
|
104 |
-
|
105 |
echo ' <li><center><a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=7T2JDSM64HQV8" target="_blank"><img src="http://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" /></a></center></li>';
|
106 |
-
echo ' <li>'.__('Like the plugin? Please ', 'stealth-login-page').' <a href="http://wordpress.org/support/view/plugin-reviews/stealth-login-page?rate=5#postform" target="_blank">'.__('rate and review', 'stealth-login-page').'</a> it.</li>';
|
107 |
echo '</ul></td>';
|
108 |
|
109 |
echo '<td style="border-left:1px #ddd solid;"><ul>';
|
23 |
*/
|
24 |
function slp_admin() {
|
25 |
|
26 |
+
global $slp_options, $custom_url;
|
27 |
|
28 |
ob_start(); ?>
|
29 |
<div class="wrap">
|
43 |
|
44 |
<label class="description" for="slp_settings[redirect_url]"><?php _e( 'URL to redirect unauthorized attempts to', 'stealth-login-page' ); ?></label>
|
45 |
|
46 |
+
<input type="text" required id="slp_settings[redirect_url]" name="slp_settings[redirect_url]" value="<?php echo $slp_options['redirect_url']; ?>" />
|
47 |
|
48 |
<p><?php _e( 'The first part of the new URL string to reach your login form is the "question." It is just an arbitrary word or code. Complexity will not matter much at this time.', 'stealth-login-page' ); ?></p>
|
49 |
|
50 |
<label class="description" for="slp_settings[question]"><?php _e( 'String used for the "question"', 'stealth-login-page' ); ?></label>
|
51 |
|
52 |
+
<input type="text" required id="slp_settings[question]" name="slp_settings[question]" value="<?php echo $slp_options['question']; ?>" />
|
53 |
|
54 |
<p><?php _e( 'The second part of the new URL string to reach your login form is the "answer." It is also just an arbitrary word or code.', 'stealth-login-page' ); ?></p>
|
55 |
|
56 |
<label class="description" for="slp_settings[answer]"><?php _e( 'String used for the "answer"', 'stealth-login-page' ); ?></label>
|
57 |
|
58 |
+
<input type="text" required id="slp_settings[answer]" name="slp_settings[answer]" value="<?php echo $slp_options['answer']; ?>" />
|
59 |
|
60 |
<p>
|
61 |
<input id="email-admin" type="checkbox" name="email-admin" value="0" />
|
68 |
</p>
|
69 |
</form>
|
70 |
|
71 |
+
<?php
|
72 |
+
|
73 |
+
if ( isset( $slp_options['enable'] ) && $slp_options['question'] && $slp_options['answer'] ) { ?>
|
74 |
<div class="custom-url">
|
75 |
+
<p><?php _e( 'Your custom login URL is:', 'stealth-login-page' ); ?> <a href="<?php echo $custom_url; ?>"><?php echo $custom_url; ?></a></p>
|
76 |
</div>
|
77 |
<?php } ?>
|
78 |
|
102 |
echo '<tbody>';
|
103 |
echo '<tr>';
|
104 |
echo '<td><ul>';
|
105 |
+
echo ' <li>'.__('Your generous gift will ensure the continued development of Stealth Login Page and bring more benefits and features. Thank you for your consideration!', 'stealth-login-page').'</li>';
|
106 |
+
|
107 |
echo ' <li><center><a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=7T2JDSM64HQV8" target="_blank"><img src="http://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" /></a></center></li>';
|
108 |
+
echo ' <li>'.__('Like the plugin? Please ', 'stealth-login-page').' <a href="http://wordpress.org/support/view/plugin-reviews/stealth-login-page?rate=5#postform" target="_blank">'.__('rate and review', 'stealth-login-page').'</a> '.__('it', 'stealth-login-page').'.</li>';
|
109 |
echo '</ul></td>';
|
110 |
|
111 |
echo '<td style="border-left:1px #ddd solid;"><ul>';
|
languages/{stealth-login-page-de_DE.po → stealth-login-page-de_de.po}
RENAMED
@@ -137,5 +137,4 @@ msgstr "1.0.0"
|
|
137 |
#@ stealth-login-page
|
138 |
#: plugin.php:36
|
139 |
msgid "Sorry, you are not allowed to access this page directly."
|
140 |
-
msgstr "Entschuldigung, aber Ihnen ist es nicht erlaubt auf diese Seite direkt zuzugreifen."
|
141 |
-
|
137 |
#@ stealth-login-page
|
138 |
#: plugin.php:36
|
139 |
msgid "Sorry, you are not allowed to access this page directly."
|
140 |
+
msgstr "Entschuldigung, aber Ihnen ist es nicht erlaubt auf diese Seite direkt zuzugreifen."
|
|
languages/stealth-login-page-pl_PL.mo
CHANGED
Binary file
|
languages/stealth-login-page-pl_PL.po
CHANGED
@@ -3,7 +3,7 @@ msgid ""
|
|
3 |
msgstr ""
|
4 |
"Project-Id-Version: Stealth Login Page\n"
|
5 |
"POT-Creation-Date: \n"
|
6 |
-
"PO-Revision-Date: 2013-
|
7 |
"Last-Translator: Ryszard Wojniusz <rwpb@o2.pl>\n"
|
8 |
"Language-Team: rwpb <rwpb@o2.pl>\n"
|
9 |
"Language: pl_PL\n"
|
@@ -98,8 +98,8 @@ msgid ""
|
|
98 |
"Protect your /wp-admin and wp-login.php pages from being accessed without "
|
99 |
"editing .htaccess"
|
100 |
msgstr ""
|
101 |
-
"Ukryj dostęp do administracji swojej strony
|
102 |
-
"
|
103 |
|
104 |
#: plugin.php:0
|
105 |
msgid "Jesse Petersen"
|
@@ -116,3 +116,85 @@ msgstr "1.0.0"
|
|
116 |
#: plugin.php:36
|
117 |
msgid "Sorry, you are not allowed to access this page directly."
|
118 |
msgstr "Nie jest możliwe bezpośrednie wywołanie tej strony. Przepraszam."
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3 |
msgstr ""
|
4 |
"Project-Id-Version: Stealth Login Page\n"
|
5 |
"POT-Creation-Date: \n"
|
6 |
+
"PO-Revision-Date: 2013-05-03 22:26+0100\n"
|
7 |
"Last-Translator: Ryszard Wojniusz <rwpb@o2.pl>\n"
|
8 |
"Language-Team: rwpb <rwpb@o2.pl>\n"
|
9 |
"Language: pl_PL\n"
|
98 |
"Protect your /wp-admin and wp-login.php pages from being accessed without "
|
99 |
"editing .htaccess"
|
100 |
msgstr ""
|
101 |
+
"Ukryj dostęp do administracji swojej strony /wp-admin i wp-login.php przed "
|
102 |
+
"nieautoryzowanym dostępem bez edycji pliku .htaccess"
|
103 |
|
104 |
#: plugin.php:0
|
105 |
msgid "Jesse Petersen"
|
116 |
#: plugin.php:36
|
117 |
msgid "Sorry, you are not allowed to access this page directly."
|
118 |
msgstr "Nie jest możliwe bezpośrednie wywołanie tej strony. Przepraszam."
|
119 |
+
|
120 |
+
#: includes/settings-page.php:96
|
121 |
+
msgid "Your support makes a difference"
|
122 |
+
msgstr "Twoja pomoc ma dla mnie znaczenie"
|
123 |
+
|
124 |
+
#: includes/settings-page.php:97
|
125 |
+
msgid "Useful links"
|
126 |
+
msgstr "Przydatne linki"
|
127 |
+
|
128 |
+
#: includes/settings-page.php:98
|
129 |
+
msgid "Brought to you by"
|
130 |
+
msgstr "O Autorze wtyczki"
|
131 |
+
|
132 |
+
#: includes/settings-page.php:105
|
133 |
+
msgid ""
|
134 |
+
"Your generous gift will ensure the continued development of Stealth Login "
|
135 |
+
"Page and bring more benefits and features. Thank you for your consideration!"
|
136 |
+
msgstr ""
|
137 |
+
"Twóje wsparcie finansowe zapewni dalszy rozwój wtyczki Ukryta Strona "
|
138 |
+
"Logowania i rozszerzenie jej funkcjonalności. Będzie to dla naszej wspólnej "
|
139 |
+
"korzyści. Dziękuję za to!"
|
140 |
+
|
141 |
+
#: includes/settings-page.php:108
|
142 |
+
msgid "Like the plugin? Please "
|
143 |
+
msgstr "Podoba Ci się ta wtyczka? Proszę"
|
144 |
+
|
145 |
+
#: includes/settings-page.php:108
|
146 |
+
msgid "rate and review"
|
147 |
+
msgstr "napisz opinię i oceń"
|
148 |
+
|
149 |
+
#: includes/settings-page.php:108
|
150 |
+
msgid "it"
|
151 |
+
msgstr "ją"
|
152 |
+
|
153 |
+
#: includes/settings-page.php:113
|
154 |
+
msgid "Find my website at"
|
155 |
+
msgstr "Odwiedź moją stronę"
|
156 |
+
|
157 |
+
#: includes/settings-page.php:114
|
158 |
+
msgid "Beef up your security even more with"
|
159 |
+
msgstr "Zwiększ bezpieczeństwo dzięki wtyczce"
|
160 |
+
|
161 |
+
#: includes/settings-page.php:114
|
162 |
+
msgid "Limit Login Attempts"
|
163 |
+
msgstr "Limit Login Attempts"
|
164 |
+
|
165 |
+
#: includes/settings-page.php:115
|
166 |
+
msgid "Learn more about secure WordPress hosting with a "
|
167 |
+
msgstr "Dowiedz się więcej o wymaganiach serwerów dla Twojego Wordpressa i"
|
168 |
+
|
169 |
+
#: includes/settings-page.php:115
|
170 |
+
msgid "managed host"
|
171 |
+
msgstr "polecanych hostingach"
|
172 |
+
|
173 |
+
#: includes/settings-page.php:120
|
174 |
+
#, fuzzy
|
175 |
+
msgid ""
|
176 |
+
"I’m a straight-shooter and listen to what my clients want, run it through my "
|
177 |
+
"filters, and come up with what they need. Not a \"yes man\" by any stretch "
|
178 |
+
"of the imagination, I don’t consider a project a success unless it serves my "
|
179 |
+
"client well. I have a \"do no harm\" policy to protect them from mis-"
|
180 |
+
"information and trying things I’ve already learned about the hard way."
|
181 |
+
msgstr ""
|
182 |
+
"Jestem uczciwy i otwarty na wszystkie sugestie moich klientów. Staram się "
|
183 |
+
"zrealizować to, czego oczekują ode mnie. Nie jestem z tych, którzy mówią "
|
184 |
+
"\"Tak panie\" i zgadzają się na wszystko. Uważam, że projekt nie jest "
|
185 |
+
"skończony i udany, dopóki w pełni nie odpowiada oczekiwaniom klienta.Moją "
|
186 |
+
"dewizą jest \"Nie czyń drugiemu, o tobie niemiłe\". Jestem daleki od tego, "
|
187 |
+
"by wprowadzać klientów dezinformacją w błąd i narażać ich na przykre rzeczy. "
|
188 |
+
"Sam bowiem doświadczyłem tego w przeszłości na własnej skórze."
|
189 |
+
|
190 |
+
#: includes/settings-page.php:120
|
191 |
+
msgid "Visit the"
|
192 |
+
msgstr "Odwiedź moją stronę"
|
193 |
+
|
194 |
+
#: includes/settings-page.php:120
|
195 |
+
msgid "Petersen Media Group"
|
196 |
+
msgstr "Petersen Media Group"
|
197 |
+
|
198 |
+
#: includes/settings-page.php:120
|
199 |
+
msgid "website"
|
200 |
+
msgstr "Zapraszam"
|
languages/stealth-login-page.pot
CHANGED
@@ -91,4 +91,80 @@ msgstr ""
|
|
91 |
|
92 |
#: plugin.php:36
|
93 |
msgid "Sorry, you are not allowed to access this page directly."
|
94 |
-
msgstr ""
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
91 |
|
92 |
#: plugin.php:36
|
93 |
msgid "Sorry, you are not allowed to access this page directly."
|
94 |
+
msgstr ""
|
95 |
+
|
96 |
+
#: includes/settings-page.php:96
|
97 |
+
msgid "Your support makes a difference"
|
98 |
+
msgstr ""
|
99 |
+
|
100 |
+
#: includes/settings-page.php:97
|
101 |
+
msgid "Useful links"
|
102 |
+
msgstr ""
|
103 |
+
|
104 |
+
#: includes/settings-page.php:98
|
105 |
+
msgid "Brought to you by"
|
106 |
+
msgstr ""
|
107 |
+
|
108 |
+
#: includes/settings-page.php:105
|
109 |
+
msgid "Your generous gift will ensure the continued development of Stealth Login Page and bring more benefits and features. Thank you for your consideration!"
|
110 |
+
msgstr ""
|
111 |
+
|
112 |
+
#: includes/settings-page.php:108
|
113 |
+
msgid "Like the plugin? Please "
|
114 |
+
msgstr ""
|
115 |
+
|
116 |
+
#: includes/settings-page.php:108
|
117 |
+
msgid "rate and review"
|
118 |
+
msgstr ""
|
119 |
+
|
120 |
+
#: includes/settings-page.php:108
|
121 |
+
msgid "it"
|
122 |
+
msgstr ""
|
123 |
+
|
124 |
+
#: includes/settings-page.php:113
|
125 |
+
msgid "Find my website at"
|
126 |
+
msgstr ""
|
127 |
+
|
128 |
+
#: includes/settings-page.php:114
|
129 |
+
msgid "Beef up your security even more with"
|
130 |
+
msgstr ""
|
131 |
+
|
132 |
+
#: includes/settings-page.php:114
|
133 |
+
msgid "Limit Login Attempts"
|
134 |
+
msgstr ""
|
135 |
+
|
136 |
+
#: includes/settings-page.php:115
|
137 |
+
msgid "Learn more about secure WordPress hosting with a "
|
138 |
+
msgstr ""
|
139 |
+
|
140 |
+
#: includes/settings-page.php:115
|
141 |
+
msgid "managed host"
|
142 |
+
msgstr ""
|
143 |
+
|
144 |
+
#: includes/settings-page.php:120
|
145 |
+
msgid "I’m a straight-shooter and listen to what my clients want, run it through my filters, and come up with what they need. Not a \"yes man\" by any stretch of the imagination, I don’t consider a project a success unless it serves my client well. I have a \"do no harm\" policy to protect them from mis-information and trying things I’ve already learned about the hard way."
|
146 |
+
msgstr ""
|
147 |
+
|
148 |
+
#: includes/settings-page.php:120
|
149 |
+
msgid "Visit the"
|
150 |
+
msgstr ""
|
151 |
+
|
152 |
+
#: includes/settings-page.php:120
|
153 |
+
msgid "Petersen Media Group"
|
154 |
+
msgstr ""
|
155 |
+
|
156 |
+
#: includes/settings-page.php:120
|
157 |
+
msgid "website"
|
158 |
+
msgstr ""
|
159 |
+
|
160 |
+
|
161 |
+
|
162 |
+
|
163 |
+
|
164 |
+
|
165 |
+
|
166 |
+
|
167 |
+
|
168 |
+
|
169 |
+
|
170 |
+
|
plugin.php
CHANGED
@@ -2,7 +2,7 @@
|
|
2 |
/*
|
3 |
Plugin Name: Stealth Login Page
|
4 |
Plugin URI: http://www.petersenmediagroup.com/plugins/stealth-login-page
|
5 |
-
Version:
|
6 |
Author: Jesse Petersen
|
7 |
Author URI: http://www.petersenmediagroup.com
|
8 |
Description: Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess
|
@@ -48,11 +48,38 @@ function slp_load_plugin_translations() {
|
|
48 |
|
49 |
}
|
50 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
51 |
// Global Variables ---------------------- //
|
52 |
$slp_prefix = 'slp_';
|
53 |
$slp_plugin_name = 'Stealth Login Page';
|
54 |
// retrieve plugin settings from options table
|
55 |
$slp_options = get_option('slp_settings');
|
|
|
56 |
|
57 |
// Includes ------------------------------ //
|
58 |
include('includes/settings-page.php'); // loads the admin settings page
|
2 |
/*
|
3 |
Plugin Name: Stealth Login Page
|
4 |
Plugin URI: http://www.petersenmediagroup.com/plugins/stealth-login-page
|
5 |
+
Version: 2.0.0
|
6 |
Author: Jesse Petersen
|
7 |
Author URI: http://www.petersenmediagroup.com
|
8 |
Description: Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess
|
48 |
|
49 |
}
|
50 |
|
51 |
+
add_action('admin_menu', 'slp_plugin_menu');
|
52 |
+
function slp_plugin_menu() {
|
53 |
+
add_options_page( __( 'Stealth Login Page', 'stealth-login-page' ), __( 'Stealth Login Page', 'stealth-login-page' ), 'manage_options', 'stealth-login-page', 'slp_admin' );
|
54 |
+
return;
|
55 |
+
}
|
56 |
+
|
57 |
+
/**
|
58 |
+
* Add settings link on plugin page
|
59 |
+
*
|
60 |
+
* @since 1.1.3
|
61 |
+
* @param array $links
|
62 |
+
* @param string $file
|
63 |
+
* @return array
|
64 |
+
*/
|
65 |
+
add_filter( 'plugin_action_links', 'slp_admin_settings_link', 10, 2 );
|
66 |
+
function slp_admin_settings_link( $links, $file ) {
|
67 |
+
|
68 |
+
if ( plugin_basename(__FILE__) == $file ) {
|
69 |
+
$settings_link = '<a href="' . admin_url( 'options-general.php?page=stealth-login-page' ) . '">' . __( 'Settings', 'stealth-login-page' ) . '</a>';
|
70 |
+
array_unshift( $links, $settings_link );
|
71 |
+
}
|
72 |
+
|
73 |
+
return $links;
|
74 |
+
|
75 |
+
}
|
76 |
+
|
77 |
// Global Variables ---------------------- //
|
78 |
$slp_prefix = 'slp_';
|
79 |
$slp_plugin_name = 'Stealth Login Page';
|
80 |
// retrieve plugin settings from options table
|
81 |
$slp_options = get_option('slp_settings');
|
82 |
+
$custom_url = wp_login_url() . '?' . $slp_options['question'] . '=' . $slp_options['answer'];
|
83 |
|
84 |
// Includes ------------------------------ //
|
85 |
include('includes/settings-page.php'); // loads the admin settings page
|
readme.txt
CHANGED
@@ -4,11 +4,11 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
|
|
4 |
Tags: login, wp-admin, redirect, security, 302
|
5 |
Requires at least: 3.4.2
|
6 |
Tested up to: 3.5.1
|
7 |
-
Stable tag:
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
11 |
-
Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess
|
12 |
|
13 |
== Description ==
|
14 |
|
@@ -18,6 +18,8 @@ Protect your /wp-admin and wp-login.php pages from being accessed by obscuring t
|
|
18 |
|
19 |
Without locking down access via IP address or file permissions, this plugin creates a secret, customizable, login URL string. Those attempting to gain access to your login form will be automatcally redirected to a customizable URL.
|
20 |
|
|
|
|
|
21 |
= Why it exists =
|
22 |
|
23 |
When using a login limiting plugin, it is possible that someone is on your network and attempting to login, which will then lock you out because you share the same IP address. This plugin hides your login screen so you don't experience lockdowns when you didn't create the lockdown.
|
@@ -26,6 +28,10 @@ When using a login limiting plugin, it is possible that someone is on your netwo
|
|
26 |
|
27 |
This does NOT replace the need for security "best practices" such as a strong password or a secure hosting environment. This is an additional layer of security, best combined with a login limiter such as <a href="http://wordpress.org/extend/plugins/limit-login-attempts/">Limit Login Attempts</a> or <a href="http://wordpress.org/extend/plugins/login-lockdown/">Login Lockdown</a>.
|
28 |
|
|
|
|
|
|
|
|
|
29 |
== Installation ==
|
30 |
|
31 |
1. Upload contents of the directory to /wp-content/plugins/ (or use the automatic installer)
|
@@ -59,6 +65,14 @@ See more [examples](http://www.petersenmediagroup.com/plugins/stealth-login-page
|
|
59 |
|
60 |
== Changelog ==
|
61 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
62 |
= 1.1.2 =
|
63 |
* Polish localization.
|
64 |
* Updated FAQ with new information on why lockouts can still happen. I am working out how to protect from that, also, if it is at all possible.
|
@@ -75,6 +89,14 @@ See more [examples](http://www.petersenmediagroup.com/plugins/stealth-login-page
|
|
75 |
|
76 |
== Upgrade Notice ==
|
77 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
78 |
= 1.1.2 =
|
79 |
* Polish localization.
|
80 |
* Updated FAQ with new information on why lockouts can still happen. I am working out how to protect from that, also, if it is at all possible.
|
4 |
Tags: login, wp-admin, redirect, security, 302
|
5 |
Requires at least: 3.4.2
|
6 |
Tested up to: 3.5.1
|
7 |
+
Stable tag: 2.0.0
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
11 |
+
Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess -- the FIRST one that blocks remote bot login requests.
|
12 |
|
13 |
== Description ==
|
14 |
|
18 |
|
19 |
Without locking down access via IP address or file permissions, this plugin creates a secret, customizable, login URL string. Those attempting to gain access to your login form will be automatcally redirected to a customizable URL.
|
20 |
|
21 |
+
This is the first plugin that blocks external bot login requests - login requests must come from your customized URL or the request is rejected.
|
22 |
+
|
23 |
= Why it exists =
|
24 |
|
25 |
When using a login limiting plugin, it is possible that someone is on your network and attempting to login, which will then lock you out because you share the same IP address. This plugin hides your login screen so you don't experience lockdowns when you didn't create the lockdown.
|
28 |
|
29 |
This does NOT replace the need for security "best practices" such as a strong password or a secure hosting environment. This is an additional layer of security, best combined with a login limiter such as <a href="http://wordpress.org/extend/plugins/limit-login-attempts/">Limit Login Attempts</a> or <a href="http://wordpress.org/extend/plugins/login-lockdown/">Login Lockdown</a>.
|
30 |
|
31 |
+
= WP 3.6 Warning =
|
32 |
+
|
33 |
+
It has come to my attention that the new WP 3.6 session timeout function opens up the login form but it doesn't have any idea about the new URL to avoid a redirect, so it will automatically redirect when this happens. I AM trying to fix this before 3.6 drops, but please be aware of this if you don't see v 1.2.1 and you've upgraded to WP 3.6 or 3.6-beta.
|
34 |
+
|
35 |
== Installation ==
|
36 |
|
37 |
1. Upload contents of the directory to /wp-content/plugins/ (or use the automatic installer)
|
65 |
|
66 |
== Changelog ==
|
67 |
|
68 |
+
= 2.0.0 =
|
69 |
+
* Plugged security hole that allowed remote form submissions - CRITICAL UPDATE
|
70 |
+
* Requires all fields be filled in on the settings page to avoid saving incomplete entries.
|
71 |
+
|
72 |
+
= 1.1.3 =
|
73 |
+
* Added Settings Link on the Plugins page to link to the settings.
|
74 |
+
* Added useful links to the settings page.
|
75 |
+
|
76 |
= 1.1.2 =
|
77 |
* Polish localization.
|
78 |
* Updated FAQ with new information on why lockouts can still happen. I am working out how to protect from that, also, if it is at all possible.
|
89 |
|
90 |
== Upgrade Notice ==
|
91 |
|
92 |
+
= 2.0.0 =
|
93 |
+
* Plugged security hole that allowed remote form submissions - CRITICAL UPDATE
|
94 |
+
* Requires all fields be filled in on the settings page to avoid saving incomplete entries.
|
95 |
+
|
96 |
+
= 1.1.3 =
|
97 |
+
* Added Settings Link on the Plugins page to link to the settings.
|
98 |
+
* Added useful links to the settings page.
|
99 |
+
|
100 |
= 1.1.2 =
|
101 |
* Polish localization.
|
102 |
* Updated FAQ with new information on why lockouts can still happen. I am working out how to protect from that, also, if it is at all possible.
|