Stealth Login Page - Version 2.1.2

Version Description

Files changed (3) hide show

includes/display-functions.php CHANGED Viewed

	@@ -3,39 +3,23 @@
3	/*
4	* Check the URL of the WordPress login page for a specific query string.
5	*
6	- * assumes login string is
7	- * http://yoursite/wp-login.php?question=answer
8	*/
9
10	add_action( 'login_init', 'slp_login_stringcheck' );
11	function slp_login_stringcheck() {
12
13	- global $slp_options, $custom_url~~, $custom_logged_out~~;
14
15	// set the location a failed attempt goes to
16	$redirect = $slp_options['redirect_url'];
17	$question = $slp_options['question'];
18	$answer = $slp_options['answer'];
19
20	- // ~~set~~ the ~~request~~ URL
21	- $form_request = ~~site_url()~~ . $_SERVER['REQUEST_URI'];
22	-
23	- if ( ! isset( $_GET[$question] ) )
24	- wp_redirect( esc_url_raw ($redirect), 302 );
25	-
26	- // check for correct answer
27	- if ( isset( $_GET[$question ] ) ) {
28
29	- if ( $~~_GET[$question]~~ !== $~~answer~~ ) {
30	- wp_redirect( esc_url_raw ($redirect), 302 );

31
32	- // if ( $form_request <= $custom_logged_out ) {
33	- // wp_redirect( esc_url_raw ($redirect), 302 );
34	-
35	- if ( $form_request != $custom_url ) {
36	- wp_redirect( esc_url_raw ($redirect), 302 );
37	- }
38	- // }
39	- }
40	- }
41	}


3	/*
4	* Check the URL of the WordPress login page for a specific query string.
5	*


6	*/
7
8	add_action( 'login_init', 'slp_login_stringcheck' );
9	function slp_login_stringcheck() {
10
11	+ global $slp_options, $custom_url;
12
13	// set the location a failed attempt goes to
14	$redirect = $slp_options['redirect_url'];
15	$question = $slp_options['question'];
16	$answer = $slp_options['answer'];
17
18	+ // get the requested URL
19	+ $form_request = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];






20
21	+ if ( $form_request !== $custom_url ) {
22	+ wp_redirect( esc_url_raw ($redirect), 302 );
23	+ }
24









25	}

plugin.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2	/*
3	Plugin Name: Stealth Login Page
4	Plugin URI: http://wordpress.org/extend/plugins/stealth-login-page/
5	- Version: 2.1.1
6	Author: Jesse Petersen
7	Author URI: http://www.petersenmediagroup.com
8	Description: Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess
	@@ -98,7 +98,7 @@ $slp_prefix = 'slp_';
98	$slp_plugin_name = 'Stealth Login Page';
99	// retrieve plugin settings from options table
100	$slp_options = get_option('slp_settings');
101	- $custom_url = ~~wp_login_url~~() . '?' . $slp_options['question'] . '=' . $slp_options['answer'];
102	$custom_url_ending = "wp-login.php?" . $slp_options['question'] . '=' . $slp_options['answer'];
103	$custom_logged_out = $custom_url . '?loggedout=true';
104	$custom_lost_password = $custom_url . '&action=lostpassword';


2	/*
3	Plugin Name: Stealth Login Page
4	Plugin URI: http://wordpress.org/extend/plugins/stealth-login-page/
5	+ Version: 2.1.2
6	Author: Jesse Petersen
7	Author URI: http://www.petersenmediagroup.com
8	Description: Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess

98	$slp_plugin_name = 'Stealth Login Page';
99	// retrieve plugin settings from options table
100	$slp_options = get_option('slp_settings');
101	+ $custom_url = site_url() . '/wp-login.php?' . $slp_options['question'] . '=' . $slp_options['answer'];
102	$custom_url_ending = "wp-login.php?" . $slp_options['question'] . '=' . $slp_options['answer'];
103	$custom_logged_out = $custom_url . '?loggedout=true';
104	$custom_lost_password = $custom_url . '&action=lostpassword';

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
4	Tags: login, wp-admin, redirect, security, 302
5	Requires at least: 3.4.2
6	Tested up to: 3.5.1
7	- Stable tag: 2.1.1
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
	@@ -65,6 +65,11 @@ See more [examples](http://www.petersenmediagroup.com/plugins/stealth-login-page
65
66	== Changelog ==
67





68	= 2.1.1 =
69	* Bugfix - stealth re-enabled AND fixed the lost password link on the login page.
70	* Pending a fix to correct the redirect upon logout. It involves a WP redirect of a one-time URL that the plugin needs to allow. I can't allow it without allowing all remote attacks again.
	@@ -104,6 +109,11 @@ See more [examples](http://www.petersenmediagroup.com/plugins/stealth-login-page
104
105	== Upgrade Notice ==
106





107	= 2.1.1 =
108	* CRITICAL Bugfix - stealth re-enabled AND fixed the lost password link on the login page.
109	* Pending a fix to correct the redirect upon logout. It involves a WP redirect of a one-time URL that the plugin needs to allow. I can't allow it without allowing all remote attacks again.


4	Tags: login, wp-admin, redirect, security, 302
5	Requires at least: 3.4.2
6	Tested up to: 3.5.1
7	+ Stable tag: 2.1.2
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10

65
66	== Changelog ==
67
68	+ = 2.1.2 =
69	+ * Efficiencies improved.
70	+ * Edited global variables for efficiency.
71	+ * Eliminated potential conditional statment oversights in later updates.
72	+
73	= 2.1.1 =
74	* Bugfix - stealth re-enabled AND fixed the lost password link on the login page.
75	* Pending a fix to correct the redirect upon logout. It involves a WP redirect of a one-time URL that the plugin needs to allow. I can't allow it without allowing all remote attacks again.

109
110	== Upgrade Notice ==
111
112	+ = 2.1.2 =
113	+ * Efficiencies improved.
114	+ * Edited global variables for efficiency.
115	+ * Eliminated potential conditional statment oversights in later updates.
116	+
117	= 2.1.1 =
118	* CRITICAL Bugfix - stealth re-enabled AND fixed the lost password link on the login page.
119	* Pending a fix to correct the redirect upon logout. It involves a WP redirect of a one-time URL that the plugin needs to allow. I can't allow it without allowing all remote attacks again.