Stealth Login Page - Version 2.0.0

Version Description

  • Plugged security hole that allowed remote form submissions - CRITICAL UPDATE
  • Requires all fields be filled in on the settings page to avoid saving incomplete entries.

Release Info

Developer peterdog
Version 2.0.0

Code changes from version 1.1.2 to 2.0.0

images/pmg-logo.png ADDED
Binary file
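--- a/includes/display-functions.php
+++ b/includes/display-functions.php
@@ -10,21 +10,28 @@
  add_action( 'login_init', 'slp_login_stringcheck' );
  function slp_login_stringcheck() {
 
- global $slp_options;
+ global $slp_options, $custom_url;
 
- // set the location a failed attempt goes to
+ // set the location a failed attempt goes to
  $redirect = $slp_options['redirect_url'];
  $question = $slp_options['question'];
  $answer = $slp_options['answer'];
 
+ // set the request URL
+ $form_request = site_url() . $_SERVER['REQUEST_URI'];
+
  if ( ! isset( $_GET[$question] ) )
  wp_redirect( esc_url_raw ($redirect), 302 );
-
-
+
  // check for correct answer
  if ( isset( $_GET[$question ] ) ) {
 
- if ( $_GET[$question] !== $answer )
+ if ( $_GET[$question] !== $answer ) {
  wp_redirect( esc_url_raw ($redirect), 302 );
+
+ if ( $form_request !== $custom_url ) {
+ wp_redirect( esc_url_raw ($redirect), 302 );
+ }
+ }
  }
  }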
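Review bot: `wp_redirect()` only sets the Location header and does not stop execution, and none of the three calls in `slp_login_stringcheck()` is followed by `exit;`, so a request that fails the check still continues into the rest of wp-login.php. The added `$form_request !== $custom_url` comparison also sits inside the `$_GET[$question] !== $answer` branch, so it runs only for requests that were already being redirected and cannot reject anything the old code accepted. I would fold the checks into a single guard ending in `wp_redirect( esc_url_raw( $redirect ), 302 ); exit;` and move the URL comparison out of the wrong-answer branch. Whether the login form's own POST carries the question/answer pair is not visible in this hunk and needs confirming before `exit` goes in; `site_url() . $_SERVER['REQUEST_URI']` also presumably repeats the path on a subdirectory install, so the equality test may need a different basis.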
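--- a/includes/settings-page.php
+++ b/includes/settings-page.php
@@ -23,7 +23,7 @@ function slp_email_admin() {
  */
  function slp_admin() {
 
- global $slp_options;
+ global $slp_options, $custom_url;
 
  ob_start(); ?>
  <div class="wrap">
@@ -43,19 +43,19 @@ function slp_admin() {
 
  <label class="description" for="slp_settings[redirect_url]"><?php _e( 'URL to redirect unauthorized attempts to', 'stealth-login-page' ); ?></label>
 
- <input type="text" id="slp_settings[redirect_url]" name="slp_settings[redirect_url]" value="<?php echo $slp_options['redirect_url']; ?>" />
+ <input type="text" required id="slp_settings[redirect_url]" name="slp_settings[redirect_url]" value="<?php echo $slp_options['redirect_url']; ?>" />
 
  <p><?php _e( 'The first part of the new URL string to reach your login form is the "question." It is just an arbitrary word or code. Complexity will not matter much at this time.', 'stealth-login-page' ); ?></p>
 
  <label class="description" for="slp_settings[question]"><?php _e( 'String used for the "question"', 'stealth-login-page' ); ?></label>
 
- <input type="text" id="slp_settings[question]" name="slp_settings[question]" value="<?php echo $slp_options['question']; ?>" />
+ <input type="text" required id="slp_settings[question]" name="slp_settings[question]" value="<?php echo $slp_options['question']; ?>" />
 
  <p><?php _e( 'The second part of the new URL string to reach your login form is the "answer." It is also just an arbitrary word or code.', 'stealth-login-page' ); ?></p>
 
  <label class="description" for="slp_settings[answer]"><?php _e( 'String used for the "answer"', 'stealth-login-page' ); ?></label>
 
- <input type="text" id="slp_settings[answer]" name="slp_settings[answer]" value="<?php echo $slp_options['answer']; ?>" />
+ <input type="text" required id="slp_settings[answer]" name="slp_settings[answer]" value="<?php echo $slp_options['answer']; ?>" />
 
  <p>
  <input id="email-admin" type="checkbox" name="email-admin" value="0" />
@@ -68,9 +68,11 @@ function slp_admin() {
  </p>
  </form>
 
- <?php if ( isset( $slp_options['enable'] ) && $slp_options['question'] && $slp_options['answer'] ) { ?>
+ <?php
+
+ if ( isset( $slp_options['enable'] ) && $slp_options['question'] && $slp_options['answer'] ) { ?>
  <div class="custom-url">
- <p><?php _e( 'Your custom login URL is:', 'stealth-login-page' ); ?> <a href="<?php echo wp_login_url() . '?' . $slp_options['question'] . '=' . $slp_options['answer'] ?>"> <?php echo wp_login_url() . '?' . $slp_options['question'] . '=' . $slp_options['answer']; ?></a></p>
+ <p><?php _e( 'Your custom login URL is:', 'stealth-login-page' ); ?> <a href="<?php echo $custom_url; ?>"><?php echo $custom_url; ?></a></p>
  </div>
  <?php } ?>
 
@@ -100,10 +102,10 @@ function slp_credits() {
  echo '<tbody>';
  echo '<tr>';
  echo '<td><ul>';
- echo ' <li><center>'.__('Your generous gift will ensure the continued development of Stealth Login Page and bring more benefits and features.
- Thank you for your consideration!', 'stealth-login-page').'</center></li>';
+ echo ' <li>'.__('Your generous gift will ensure the continued development of Stealth Login Page and bring more benefits and features. Thank you for your consideration!', 'stealth-login-page').'</li>';
+
  echo ' <li><center><a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=7T2JDSM64HQV8" target="_blank"><img src="http://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" /></a></center></li>';
- echo ' <li>'.__('Like the plugin? Please ', 'stealth-login-page').' <a href="http://wordpress.org/support/view/plugin-reviews/stealth-login-page?rate=5#postform" target="_blank">'.__('rate and review', 'stealth-login-page').'</a> it.</li>';
+ echo ' <li>'.__('Like the plugin? Please ', 'stealth-login-page').' <a href="http://wordpress.org/support/view/plugin-reviews/stealth-login-page?rate=5#postform" target="_blank">'.__('rate and review', 'stealth-login-page').'</a> '.__('it', 'stealth-login-page').'.</li>';
  echo '</ul></td>';
 
  echo '<td style="border-left:1px #ddd solid;"><ul>';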
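Review bot: The three `<input>` lines this change touches still echo `$slp_options[...]` straight into a `value` attribute, and the new custom-URL line echoes `$custom_url` into both the `href` and the link text, all without escaping, so a stored value containing a quote or angle bracket breaks out of the markup on the settings page. Wrap the attribute values as `value="<?php echo esc_attr( $slp_options['redirect_url'] ); ?>"` (likewise for `question` and `answer`) and print the link as `<a href="<?php echo esc_url( $custom_url ); ?>"><?php echo esc_html( $custom_url ); ?></a>`. The added `required` attribute is enforced only by the browser, so the changelog's promise of no incomplete entries needs a matching server-side check wherever `slp_settings` is validated on save, which these hunks do not show. `slp_admin()` begins in the first hunk and ends outside the visible lines.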
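--- a/languages/stealth-login-page-de_DE.po
+++ b/languages/stealth-login-page-de_de.po
@@ -137,5 +137,4 @@ msgstr "1.0.0"
  #@ stealth-login-page
  #: plugin.php:36
  msgid "Sorry, you are not allowed to access this page directly."
- msgstr "Entschuldigung, aber Ihnen ist es nicht erlaubt auf diese Seite direkt zuzugreifen."
-
+ msgstr "Entschuldigung, aber Ihnen ist es nicht erlaubt auf diese Seite direkt zuzugreifen."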
languages/stealth-login-page-pl_PL.mo CHANGED
Binary file
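--- a/languages/stealth-login-page-pl_PL.po
+++ b/languages/stealth-login-page-pl_PL.po
@@ -3,7 +3,7 @@ msgid ""
  msgstr ""
  "Project-Id-Version: Stealth Login Page\n"
  "POT-Creation-Date: \n"
- "PO-Revision-Date: 2013-04-12 10:01+0100\n"
+ "PO-Revision-Date: 2013-05-03 22:26+0100\n"
  "Last-Translator: Ryszard Wojniusz <rwpb@o2.pl>\n"
  "Language-Team: rwpb <rwpb@o2.pl>\n"
  "Language: pl_PL\n"
@@ -98,8 +98,8 @@ msgid ""
  "Protect your /wp-admin and wp-login.php pages from being accessed without "
  "editing .htaccess"
  msgstr ""
- "Ukryj dostęp do administracji swojej strony ( /wp-admin i wp-login.php ) "
- "przed nieautoryzowanym dostępem bez edycji pliku .htaccess"
+ "Ukryj dostęp do administracji swojej strony /wp-admin i wp-login.php przed "
+ "nieautoryzowanym dostępem bez edycji pliku .htaccess"
 
  #: plugin.php:0
  msgid "Jesse Petersen"
@@ -116,3 +116,85 @@ msgstr "1.0.0"
  #: plugin.php:36
  msgid "Sorry, you are not allowed to access this page directly."
  msgstr "Nie jest możliwe bezpośrednie wywołanie tej strony. Przepraszam."
+
+ #: includes/settings-page.php:96
+ msgid "Your support makes a difference"
+ msgstr "Twoja pomoc ma dla mnie znaczenie"
+
+ #: includes/settings-page.php:97
+ msgid "Useful links"
+ msgstr "Przydatne linki"
+
+ #: includes/settings-page.php:98
+ msgid "Brought to you by"
+ msgstr "O Autorze wtyczki"
+
+ #: includes/settings-page.php:105
+ msgid ""
+ "Your generous gift will ensure the continued development of Stealth Login "
+ "Page and bring more benefits and features. Thank you for your consideration!"
+ msgstr ""
+ "Twóje wsparcie finansowe zapewni dalszy rozwój wtyczki Ukryta Strona "
+ "Logowania i rozszerzenie jej funkcjonalności. Będzie to dla naszej wspólnej "
+ "korzyści. Dziękuję za to!"
+
+ #: includes/settings-page.php:108
+ msgid "Like the plugin? Please "
+ msgstr "Podoba Ci się ta wtyczka? Proszę"
+
+ #: includes/settings-page.php:108
+ msgid "rate and review"
+ msgstr "napisz opinię i oceń"
+
+ #: includes/settings-page.php:108
+ msgid "it"
+ msgstr "ją"
+
+ #: includes/settings-page.php:113
+ msgid "Find my website at"
+ msgstr "Odwiedź moją stronę"
+
+ #: includes/settings-page.php:114
+ msgid "Beef up your security even more with"
+ msgstr "Zwiększ bezpieczeństwo dzięki wtyczce"
+
+ #: includes/settings-page.php:114
+ msgid "Limit Login Attempts"
+ msgstr "Limit Login Attempts"
+
+ #: includes/settings-page.php:115
+ msgid "Learn more about secure WordPress hosting with a "
+ msgstr "Dowiedz się więcej o wymaganiach serwerów dla Twojego Wordpressa i"
+
+ #: includes/settings-page.php:115
+ msgid "managed host"
+ msgstr "polecanych hostingach"
+
+ #: includes/settings-page.php:120
+ #, fuzzy
+ msgid ""
+ "I’m a straight-shooter and listen to what my clients want, run it through my "
+ "filters, and come up with what they need. Not a \"yes man\" by any stretch "
+ "of the imagination, I don’t consider a project a success unless it serves my "
+ "client well. I have a \"do no harm\" policy to protect them from mis-"
+ "information and trying things I’ve already learned about the hard way."
+ msgstr ""
+ "Jestem uczciwy i otwarty na wszystkie sugestie moich klientów. Staram się "
+ "zrealizować to, czego oczekują ode mnie. Nie jestem z tych, którzy mówią "
+ "\"Tak panie\" i zgadzają się na wszystko. Uważam, że projekt nie jest "
+ "skończony i udany, dopóki w pełni nie odpowiada oczekiwaniom klienta.Moją "
+ "dewizą jest \"Nie czyń drugiemu, o tobie niemiłe\". Jestem daleki od tego, "
+ "by wprowadzać klientów dezinformacją w błąd i narażać ich na przykre rzeczy. "
+ "Sam bowiem doświadczyłem tego w przeszłości na własnej skórze."
+
+ #: includes/settings-page.php:120
+ msgid "Visit the"
+ msgstr "Odwiedź moją stronę"
+
+ #: includes/settings-page.php:120
+ msgid "Petersen Media Group"
+ msgstr "Petersen Media Group"
+
+ #: includes/settings-page.php:120
+ msgid "website"
+ msgstr "Zapraszam"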
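--- a/languages/stealth-login-page.pot
+++ b/languages/stealth-login-page.pot
@@ -91,4 +91,80 @@ msgstr ""
 
  #: plugin.php:36
  msgid "Sorry, you are not allowed to access this page directly."
- msgstr ""
+ msgstr ""
+
+ #: includes/settings-page.php:96
+ msgid "Your support makes a difference"
+ msgstr ""
+
+ #: includes/settings-page.php:97
+ msgid "Useful links"
+ msgstr ""
+
+ #: includes/settings-page.php:98
+ msgid "Brought to you by"
+ msgstr ""
+
+ #: includes/settings-page.php:105
+ msgid "Your generous gift will ensure the continued development of Stealth Login Page and bring more benefits and features. Thank you for your consideration!"
+ msgstr ""
+
+ #: includes/settings-page.php:108
+ msgid "Like the plugin? Please "
+ msgstr ""
+
+ #: includes/settings-page.php:108
+ msgid "rate and review"
+ msgstr ""
+
+ #: includes/settings-page.php:108
+ msgid "it"
+ msgstr ""
+
+ #: includes/settings-page.php:113
+ msgid "Find my website at"
+ msgstr ""
+
+ #: includes/settings-page.php:114
+ msgid "Beef up your security even more with"
+ msgstr ""
+
+ #: includes/settings-page.php:114
+ msgid "Limit Login Attempts"
+ msgstr ""
+
+ #: includes/settings-page.php:115
+ msgid "Learn more about secure WordPress hosting with a "
+ msgstr ""
+
+ #: includes/settings-page.php:115
+ msgid "managed host"
+ msgstr ""
+
+ #: includes/settings-page.php:120
+ msgid "I’m a straight-shooter and listen to what my clients want, run it through my filters, and come up with what they need. Not a \"yes man\" by any stretch of the imagination, I don’t consider a project a success unless it serves my client well. I have a \"do no harm\" policy to protect them from mis-information and trying things I’ve already learned about the hard way."
+ msgstr ""
+
+ #: includes/settings-page.php:120
+ msgid "Visit the"
+ msgstr ""
+
+ #: includes/settings-page.php:120
+ msgid "Petersen Media Group"
+ msgstr ""
+
+ #: includes/settings-page.php:120
+ msgid "website"
+ msgstr ""
+
+
+
+
+
+
+
+
+
+
+
+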
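--- a/plugin.php
+++ b/plugin.php
@@ -2,7 +2,7 @@
  /*
  Plugin Name: Stealth Login Page
  Plugin URI: http://www.petersenmediagroup.com/plugins/stealth-login-page
- Version: 1.1.2
+ Version: 2.0.0
  Author: Jesse Petersen
  Author URI: http://www.petersenmediagroup.com
  Description: Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess
@@ -48,11 +48,38 @@ function slp_load_plugin_translations() {
 
  }
 
+ add_action('admin_menu', 'slp_plugin_menu');
+ function slp_plugin_menu() {
+ add_options_page( __( 'Stealth Login Page', 'stealth-login-page' ), __( 'Stealth Login Page', 'stealth-login-page' ), 'manage_options', 'stealth-login-page', 'slp_admin' );
+ return;
+ }
+
+ /**
+ * Add settings link on plugin page
+ *
+ * @since 1.1.3
+ * @param array $links
+ * @param string $file
+ * @return array
+ */
+ add_filter( 'plugin_action_links', 'slp_admin_settings_link', 10, 2 );
+ function slp_admin_settings_link( $links, $file ) {
+
+ if ( plugin_basename(__FILE__) == $file ) {
+ $settings_link = '<a href="' . admin_url( 'options-general.php?page=stealth-login-page' ) . '">' . __( 'Settings', 'stealth-login-page' ) . '</a>';
+ array_unshift( $links, $settings_link );
+ }
+
+ return $links;
+
+ }
+
  // Global Variables ---------------------- //
  $slp_prefix = 'slp_';
  $slp_plugin_name = 'Stealth Login Page';
  // retrieve plugin settings from options table
  $slp_options = get_option('slp_settings');
+ $custom_url = wp_login_url() . '?' . $slp_options['question'] . '=' . $slp_options['answer'];
 
  // Includes ------------------------------ //
  include('includes/settings-page.php'); // loads the admin settings page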
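Review bot: The new `$custom_url` line runs at file load and indexes `$slp_options` without checking it, although `get_option('slp_settings')` returns `false` until settings have been saved, and it concatenates the question and answer into the URL unencoded. Because `slp_login_stringcheck()` compares this string for exact equality with the request URL, a value holding characters that get percent-encoded in transit would presumably never match. I would guard and build it with the core helper, e.g. `$custom_url = is_array( $slp_options ) ? add_query_arg( rawurlencode( $slp_options['question'] ), rawurlencode( $slp_options['answer'] ), wp_login_url() ) : '';`. Separately, the docblock added above `add_filter( 'plugin_action_links', ... )` documents `slp_admin_settings_link()` and belongs directly above that function, and the `==` against `plugin_basename(__FILE__)` should be `===`.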
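--- a/readme.txt
+++ b/readme.txt
@@ -4,11 +4,11 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
  Tags: login, wp-admin, redirect, security, 302
  Requires at least: 3.4.2
  Tested up to: 3.5.1
- Stable tag: 1.1.2
+ Stable tag: 2.0.0
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
- Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess
+ Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess -- the FIRST one that blocks remote bot login requests.
 
  == Description ==
 
@@ -18,6 +18,8 @@ Protect your /wp-admin and wp-login.php pages from being accessed by obscuring t
 
  Without locking down access via IP address or file permissions, this plugin creates a secret, customizable, login URL string. Those attempting to gain access to your login form will be automatcally redirected to a customizable URL.
 
+ This is the first plugin that blocks external bot login requests - login requests must come from your customized URL or the request is rejected.
+
  = Why it exists =
 
  When using a login limiting plugin, it is possible that someone is on your network and attempting to login, which will then lock you out because you share the same IP address. This plugin hides your login screen so you don't experience lockdowns when you didn't create the lockdown.
@@ -26,6 +28,10 @@ When using a login limiting plugin, it is possible that someone is on your netwo
 
  This does NOT replace the need for security "best practices" such as a strong password or a secure hosting environment. This is an additional layer of security, best combined with a login limiter such as <a href="http://wordpress.org/extend/plugins/limit-login-attempts/">Limit Login Attempts</a> or <a href="http://wordpress.org/extend/plugins/login-lockdown/">Login Lockdown</a>.
 
+ = WP 3.6 Warning =
+
+ It has come to my attention that the new WP 3.6 session timeout function opens up the login form but it doesn't have any idea about the new URL to avoid a redirect, so it will automatically redirect when this happens. I AM trying to fix this before 3.6 drops, but please be aware of this if you don't see v 1.2.1 and you've upgraded to WP 3.6 or 3.6-beta.
+
  == Installation ==
 
  1. Upload contents of the directory to /wp-content/plugins/ (or use the automatic installer)
@@ -59,6 +65,14 @@ See more [examples](http://www.petersenmediagroup.com/plugins/stealth-login-page
 
  == Changelog ==
 
+ = 2.0.0 =
+ * Plugged security hole that allowed remote form submissions - CRITICAL UPDATE
+ * Requires all fields be filled in on the settings page to avoid saving incomplete entries.
+
+ = 1.1.3 =
+ * Added Settings Link on the Plugins page to link to the settings.
+ * Added useful links to the settings page.
+
  = 1.1.2 =
  * Polish localization.
  * Updated FAQ with new information on why lockouts can still happen. I am working out how to protect from that, also, if it is at all possible.
@@ -75,6 +89,14 @@ See more [examples](http://www.petersenmediagroup.com/plugins/stealth-login-page
 
  == Upgrade Notice ==
 
+ = 2.0.0 =
+ * Plugged security hole that allowed remote form submissions - CRITICAL UPDATE
+ * Requires all fields be filled in on the settings page to avoid saving incomplete entries.
+
+ = 1.1.3 =
+ * Added Settings Link on the Plugins page to link to the settings.
+ * Added useful links to the settings page.
+
  = 1.1.2 =
  * Polish localization.
  * Updated FAQ with new information on why lockouts can still happen. I am working out how to protect from that, also, if it is at all possible.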