Stealth Login Page - Version 4.0.0

Version Description

  • TOTALLY re-worked mehodology. It is backwards compatible.
  • WordPress 3.6 compatibility.
  • Complete re-build of the structure, code, and methodology of its security.
Download this release

Release Info

Developer peterdog
Plugin Icon wp plugin Stealth Login Page
Version 4.0.0
Comparing to
See all releases

Code changes from version 3.0.0 to 4.0.0

Files changed (11) hide show
  1. includes/actions.php +33 -0
  2. includes/documentation.php +0 -41
  3. includes/functions-auth-key.php +41 -0
  4. includes/{wp-config-functions.php → functions-oldfile.php} +2 -4
  5. includes/{settings-functions.php → functions-oldsql.php} +3 -3
  6. includes/globals.php +2 -0
  7. includes/install.php +108 -0
  8. includes/settings-page.php +17 -29
  9. plugin.php +169 -159
  10. readme.txt +41 -19
  11. uninstall.php +11 -1
includes/actions.php ADDED
@@ -0,0 +1,33 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Front-End Actions
4
+ *
5
+ * @package SLP
6
+ * @subpackage Functions
7
+ * @copyright Copyright (c) 2013, Jesse Petersen
8
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
9
+ * @since 4.0.0
10
+ */
11
+
12
+ // Exit if accessed directly
13
+ if ( ! defined( 'ABSPATH' ) ) exit;
14
+
15
+ add_action('admin_init', 'slp_register_settings'); // create settings in database
16
+ function slp_register_settings() {
17
+ register_setting('slp_settings_group', 'slp_settings');
18
+ }
19
+
20
+ add_action( 'login_init', 'which_settings', 1);
21
+ function which_settings() {
22
+ global $slp_auth_key, $slp_redirect, $slp_question, $slp_answer;
23
+
24
+ if ( isset( $slp_auth_key ) ) {
25
+ require_once SLP_PLUGIN_DIR . 'includes/functions-auth-key.php'; // loads the new 4.0.0 auth key functions
26
+ }
27
+ elseif ( isset( $slp_question ) && isset( $slp_answer ) && isset( $slp_redirect ) ) {
28
+ require_once SLP_PLUGIN_DIR . 'includes/functions-oldfile.php'; // loads the wp-config.php functions
29
+ }
30
+ else {
31
+ require_once SLP_PLUGIN_DIR . 'includes/functions-oldsql.php'; // loads the settings page functions
32
+ }
33
+ }
includes/documentation.php DELETED
@@ -1,41 +0,0 @@
1
- <?php
2
-
3
- /**
4
- * Documentation page
5
- *
6
- * @since 3.0.0
7
- */
8
- function slp_documentation() {
9
-
10
- global $slp_options, $custom_url;
11
-
12
- ob_start(); ?>
13
- <div class="wrap">
14
- <h2><?php _e( 'Stealth Login Page Documentation', 'stealth-login-page' ); ?></h2>
15
-
16
- <h3><?php _e( 'Network (multi-site) Activation', 'stealth-login-page' ); ?></h3>
17
- <p><?php _e( 'Version 3.0.0 added full multi-site capabilities. Previously, the plugin needed each site to have the settings page filled out and the enable checkbox checked. Now, for v3.0.0 and above, Network Activate the plugin.' ); ?></p>
18
- <p><?php _e( 'Add the following 3 lines to wp-config.php (right after the $table_prefix variable is good placement) to fully engage the plugin across the network:', 'stealth-login-page' ); ?></p>
19
- <ul>
20
- <li>$slp_redirect = "URL"</li>
21
- <li>$slp_question = "question";</li>
22
- <li>$slp_answer = "answer";</li>
23
- </ul>
24
- <p><?php _e( 'Change each variable to customize the redirect URL, question, and answer settings. If one of the variable entries (not the custom "answer" for each) is missing, the plugin will not activate the redirect function. All three are required to be in the file.', 'stealth-login-page' ); ?></p>
25
- <p><strong><?php _e( 'Note: Adding these to wp-config.php will override any and all settings on any site (single or multi-site install both) and put that custom URL and redirect URL in play.', 'stealth-login-page' ); ?></strong></p>
26
- <p><?php _e( 'There is no e-mail URL for the wp-config.php route because (obviously) if you have the ability to put those in place, you also have the ability to change settings or disable it.', 'stealth-login-page' ); ?></p>
27
- <p><?php _e( 'If you remove the wp-config.php variables, then any site that has the settings page filled out and the "enable" checkbox checked will revert to the settings page behavior.', 'stealth-login-page' ); ?></p>
28
- <h3><?php _e( 'Lost Password/Logout', 'stealth-login-page' ); ?></h3>
29
- <p><?php _e( 'Due to the number of support requests involving the lost password function or logouts (or anything else that happens aside from purely attempting to visit the login page from direct navigation), the URL filter that was in place in v2.1.2 has been removed. While it solved many issues, it created more than it solved.', 'stealth-login-page' ); ?></p>
30
- <h4><?php _e( 'To make up for that...', 'stealth-login-page' ); ?></h4>
31
- <p><?php _e( 'The redirect function is bypassed if the system recognizes you as being in a logged in session. As of yet, it is not certain how this will behave in 3.6 when a session times out and the pop-up appears, but hopefully nothing will need to be altered.', 'stealth-login-page' ); ?></p>
32
- <h3><?php _e( 'Donations', 'stealth-login-page' ); ?></h3>
33
- <p><?php _e( 'An additional 15 hours of programming went into v3.0.0 to enable multi-site, streamline the code, and rebuild the redirect functions from the ground up to eliminate as many potential scenarios as possible.', 'stealth-login-page' ); ?></p>
34
- <p><?php _e( 'Any donations will allow this to continue to be developed and supported, as there are several new features that should be included, but there is not enough funding to neglect paid projects.', 'stealth-login-page' ); ?></p>
35
- <p><strong><?php _e('Like the plugin? Please ', 'stealth-login-page'); ?> <a href="http://wordpress.org/support/view/plugin-reviews/stealth-login-page?rate=5#postform" target="_blank"> <?php _e('rate and review', 'stealth-login-page'); ?></a> <?php _e(' it', 'stealth-login-page'); ?>.</strong></p>
36
- <br />
37
- <p><center><a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=7T2JDSM64HQV8" target="_blank"><img src="http://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" /></a></center></p>
38
- </div><!-- .wrap -->
39
- <?php
40
- echo ob_get_clean();
41
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
includes/functions-auth-key.php ADDED
@@ -0,0 +1,41 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ /**
4
+ * Authorization Key Function
5
+ *
6
+ * @package SLP
7
+ * @subpackage Functions/Auth_Key
8
+ * @copyright Copyright (c) 2013, Jesse Petersen
9
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
10
+ * @since 4.0.0
11
+ */
12
+
13
+ add_filter( 'login_form', 'custom_login_stuff', 1 );
14
+ function custom_login_stuff() {
15
+ global $slp_options;
16
+ $new_SLP_login_field = '
17
+ <p class="login-authenticate">
18
+ <label for="auth_key">Authorization code</label>
19
+ <input type="text" name="auth_key" id="auth_key" class="input" value="" size="20" />
20
+ </p>';
21
+ echo $new_SLP_login_field;
22
+ }
23
+
24
+ add_action( 'wp_authenticate', 'slp_auth_key_check', 5 );
25
+ function slp_auth_key_check($username) {
26
+
27
+ global $wpdb, $slp_options, $slp_auth_key;
28
+
29
+ if ( !username_exists( $username ) ) {
30
+ return;
31
+ }
32
+
33
+ $set_key = $slp_options['auth_key'];
34
+ $submit_key = $_POST['auth_key'];
35
+
36
+ if ( ! ( $set_key == $_POST['auth_key'] ) ) {
37
+ wp_redirect( esc_url_raw ($slp_options['redirect_url']), 302 );
38
+ die;
39
+ }
40
+
41
+ }
includes/{wp-config-functions.php → functions-oldfile.php} RENAMED
@@ -3,11 +3,11 @@
3
  add_action( 'login_init', 'slp_wpconfig_login_stringcheck' );
4
  function slp_wpconfig_login_stringcheck() {
5
 
6
- global $slp_redirect, $slp_question, $slp_answer, $custom_wp_config, $message;
7
 
8
- // get the requested URL
9
  $form_request_local = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
10
  $form_request = $_SERVER['HTTP_REFERER'];
 
11
 
12
  if ( (is_user_logged_in(TRUE)) ) {
13
  return;
@@ -15,8 +15,6 @@ function slp_wpconfig_login_stringcheck() {
15
  elseif (! ( ($form_request_local == $custom_wp_config) || ($form_request == $custom_wp_config) ) ) {
16
 
17
  wp_redirect( esc_url_raw ($slp_redirect), 302 );
18
- echo $message;
19
  die;
20
-
21
  }
22
  }
3
  add_action( 'login_init', 'slp_wpconfig_login_stringcheck' );
4
  function slp_wpconfig_login_stringcheck() {
5
 
6
+ global $slp_redirect, $slp_question, $slp_answer;
7
 
 
8
  $form_request_local = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
9
  $form_request = $_SERVER['HTTP_REFERER'];
10
+ $custom_wp_config = site_url() . '/wp-login.php?' . $slp_question . '=' . $slp_answer;
11
 
12
  if ( (is_user_logged_in(TRUE)) ) {
13
  return;
15
  elseif (! ( ($form_request_local == $custom_wp_config) || ($form_request == $custom_wp_config) ) ) {
16
 
17
  wp_redirect( esc_url_raw ($slp_redirect), 302 );
 
18
  die;
 
19
  }
20
  }
includes/{settings-functions.php → functions-oldsql.php} RENAMED
@@ -3,19 +3,19 @@
3
  add_action( 'login_init', 'slp_settings_login_stringcheck' );
4
  function slp_settings_login_stringcheck() {
5
 
6
- global $slp_options, $custom_url, $message;
7
 
8
- // get the requested URL
9
  $form_request_local = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
10
  $form_request = $_SERVER['HTTP_REFERER'];
 
11
 
12
  if ( (is_user_logged_in(TRUE)) ) {
13
  return;
14
  }
15
 
16
  elseif (! ( ($form_request_local == $custom_url) || ($form_request == $custom_url) ) ) {
 
17
  wp_redirect( esc_url_raw ($slp_options['redirect_url']), 302 );
18
- echo $message;
19
  die;
20
  }
21
 
3
  add_action( 'login_init', 'slp_settings_login_stringcheck' );
4
  function slp_settings_login_stringcheck() {
5
 
6
+ global $slp_options;
7
 
 
8
  $form_request_local = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
9
  $form_request = $_SERVER['HTTP_REFERER'];
10
+ $custom_url = site_url() . '/wp-login.php?' . $slp_options['question'] . '=' . $slp_options['answer'];
11
 
12
  if ( (is_user_logged_in(TRUE)) ) {
13
  return;
14
  }
15
 
16
  elseif (! ( ($form_request_local == $custom_url) || ($form_request == $custom_url) ) ) {
17
+
18
  wp_redirect( esc_url_raw ($slp_options['redirect_url']), 302 );
 
19
  die;
20
  }
21
 
includes/globals.php ADDED
@@ -0,0 +1,2 @@
 
 
1
+ <?php
2
+ // silence is golden
includes/install.php ADDED
@@ -0,0 +1,108 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * Install Function
4
+ *
5
+ * @package SLP
6
+ * @subpackage Functions/Install
7
+ * @copyright Copyright (c) 2013, Jesse Petersen
8
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
9
+ * @since 3.0.0
10
+ */
11
+
12
+ // Exit if accessed directly
13
+ if ( ! defined( 'ABSPATH' ) ) exit;
14
+
15
+ register_activation_hook( SLP_PLUGIN_FILE, 'slp_activate' );
16
+ register_deactivation_hook( SLP_PLUGIN_FILE, 'slp_deactivate' );
17
+
18
+ function slp_activate($networkwide) {
19
+ global $wpdb;
20
+
21
+ if (function_exists('is_multisite') && is_multisite()) {
22
+ // check if it is a network activation - if so, run the activation function for each blog id
23
+ if ($networkwide) {
24
+ $old_blog = $wpdb->blogid;
25
+ // Get all blog ids
26
+ $blogids = $wpdb->get_col("SELECT blog_id FROM {$wpdb->blogs}");
27
+ foreach ($blogids as $blog_id) {
28
+ switch_to_blog($blog_id);
29
+ return _slp_activate($networkwide);
30
+ }
31
+ switch_to_blog($old_blog);
32
+ return;
33
+ }
34
+ }
35
+ return _slp_activate($networkwide);
36
+ }
37
+
38
+ function slp_network_propagate($pfunction, $networkwide) {
39
+ global $wpdb;
40
+
41
+ if (function_exists('is_multisite') && is_multisite()) {
42
+ // check if it is a network activation - if so, run the activation function
43
+ // for each blog id
44
+ if ($networkwide) {
45
+ $old_blog = $wpdb->blogid;
46
+ // Get all blog ids
47
+ $blogids = $wpdb->get_col("SELECT blog_id FROM {$wpdb->blogs}");
48
+ foreach ($blogids as $blog_id) {
49
+ switch_to_blog($blog_id);
50
+ call_user_func($pfunction, $networkwide);
51
+ }
52
+ switch_to_blog($old_blog);
53
+ return;
54
+ }
55
+ }
56
+ call_user_func($pfunction, $networkwide);
57
+ }
58
+
59
+
60
+ function slp_deactivate($networkwide) {
61
+ slp_network_propagate('_slp_deactivate', $networkwide);
62
+ }
63
+
64
+ add_action( 'wpmu_new_blog', 'slp_new_blog', 10, 6);
65
+
66
+ function slp_new_blog($blog_id, $user_id, $domain, $path, $site_id, $meta ) {
67
+ global $wpdb;
68
+
69
+ if (is_plugin_active_for_network('stealth-login-page/stealth-login-page.php')) {
70
+ $old_blog = $wpdb->blogid;
71
+ switch_to_blog($blog_id);
72
+ _slp_activate(TRUE);
73
+ switch_to_blog($old_blog);
74
+ }
75
+ }
76
+
77
+ function _slp_activate($networkwide) {
78
+ return ;
79
+ }
80
+
81
+ function _slp_deactivate($networkwide) {
82
+ return ;
83
+ }
84
+
85
+ add_action('admin_menu', 'slp_plugin_menu');
86
+ function slp_plugin_menu() {
87
+ add_options_page( __( 'Stealth Login Page', 'stealth-login-page' ), __( 'Stealth Login Page', 'stealth-login-page' ), 'manage_options', 'stealth-login-page', 'slp_admin' );
88
+ return;
89
+ }
90
+
91
+ /**
92
+ * Add settings link on plugin page
93
+ *
94
+ * @since 3.0.0
95
+ * @param array $links
96
+ * @param string $file
97
+ * @return array
98
+ */
99
+ add_filter( 'plugin_action_links', 'slp_admin_settings_link', 10, 2 );
100
+ function slp_admin_settings_link( $links, $file ) {
101
+
102
+ if ( plugin_basename(__FILE__) == $file ) {
103
+ $settings_link = '<a href="' . admin_url( 'options-general.php?page=stealth-login-page' ) . '">' . __( 'Settings', 'stealth-login-page' ) . '</a>';
104
+ }
105
+
106
+ return $links;
107
+
108
+ }
includes/settings-page.php CHANGED
@@ -1,17 +1,12 @@
1
  <?php
2
 
3
- add_action('admin_init', 'slp_register_settings'); // create settings in database
4
- function slp_register_settings() {
5
- register_setting('slp_settings_group', 'slp_settings');
6
- }
7
-
8
  add_action( 'admin_init', 'slp_email_admin' );
9
  function slp_email_admin() {
10
- global $slp_options, $custom_url;
11
- if ( isset( $slp_options['enable'] ) && $slp_options['question'] && $slp_options['answer'] && isset ( $_POST['email-admin'] ) && current_user_can( 'manage_options' ) ) {
12
  $to = get_bloginfo( 'admin_email' );
13
- $subject = sprintf( __( 'Custom login URL for %s', 'stealth-login-page' ), get_bloginfo( 'name' ) );
14
- $message = sprintf( __( 'Your custom login URL for %1$s is %2$s', 'stealth-login-page' ), get_bloginfo( 'name' ), $custom_url );
15
  wp_mail( $to, $subject, $message );
16
  }
17
  }
@@ -23,44 +18,37 @@ function slp_email_admin() {
23
  */
24
  function slp_admin() {
25
 
26
- global $slp_options, $custom_url;
27
 
28
  ob_start(); ?>
29
  <div class="wrap">
30
  <h2><?php _e( 'Stealth Login Page Options', 'stealth-login-page' ); ?></h2>
31
  <form method="post" action="options.php">
32
 
33
- <?php settings_fields('slp_settings_group');
34
- slp_credits(); ?>
35
 
36
- <h4><?php _e( 'Enable/Disable Stealth Login Page', 'stealth-login-page' ); ?></h4>
37
 
38
  <input id="slp_settings[enable]" type="checkbox" name="slp_settings[enable]" value="1" <?php checked(1, isset( $slp_options['enable'] ) ); ?> />
39
 
40
  <label class="description" for="slp_settings[enable]"><?php _e( 'Enable Stealth Mode', 'stealth-login-page' ); ?></label>
41
 
42
- <p><?php _e( 'Those attempting to gain access to your login form will be automatcally redirected to a customizable URL. Enter that URL below.', 'stealth-login-page' ); ?></p>
43
 
44
- <label class="description" for="slp_settings[redirect_url]"><?php _e( 'URL to redirect unauthorized attempts to', 'stealth-login-page' ); ?></label>
45
-
46
- <input type="text" required id="slp_settings[redirect_url]" name="slp_settings[redirect_url]" value="<?php echo $slp_options['redirect_url']; ?>" />
47
 
48
- <p><?php _e( 'The first part of the new URL string to reach your login form is the "question." It is just an arbitrary word or code. Complexity will not matter much at this time.', 'stealth-login-page' ); ?></p>
49
 
50
- <label class="description" for="slp_settings[question]"><?php _e( 'String used for the "question"', 'stealth-login-page' ); ?></label>
51
 
52
- <input type="text" required id="slp_settings[question]" name="slp_settings[question]" value="<?php echo $slp_options['question']; ?>" />
53
-
54
- <p><?php _e( 'The second part of the new URL string to reach your login form is the "answer." It is also just an arbitrary word or code.', 'stealth-login-page' ); ?></p>
55
-
56
- <label class="description" for="slp_settings[answer]"><?php _e( 'String used for the "answer"', 'stealth-login-page' ); ?></label>
57
 
58
- <input type="text" required id="slp_settings[answer]" name="slp_settings[answer]" value="<?php echo $slp_options['answer']; ?>" />
59
 
60
  <p>
61
  <input id="email-admin" type="checkbox" name="email-admin" value="0" />
62
 
63
- <label class="description" for="email-admin"><?php _e( 'Email login URL to admin', 'stealth-login-page' ); ?></label>
64
  </p>
65
 
66
  <p class="submit">
@@ -70,9 +58,9 @@ function slp_admin() {
70
 
71
  <?php
72
 
73
- if ( isset( $slp_options['enable'] ) && $slp_options['question'] && $slp_options['answer'] ) { ?>
74
- <div class="custom-url">
75
- <p><?php _e( 'Your custom login URL is:', 'stealth-login-page' ); ?> <a href="<?php echo $custom_url; ?>"><?php echo $custom_url; ?></a></p>
76
  </div>
77
  <?php } ?>
78
 
1
  <?php
2
 
 
 
 
 
 
3
  add_action( 'admin_init', 'slp_email_admin' );
4
  function slp_email_admin() {
5
+ global $slp_options, $custom_url;
6
+ if ( isset( $slp_options['enable'] ) && $slp_options['auth_key'] && isset ( $_POST['email-admin'] ) && current_user_can( 'manage_options' ) ) {
7
  $to = get_bloginfo( 'admin_email' );
8
+ $subject = sprintf( __( 'Authorization code for %s', 'stealth-login-page' ), get_bloginfo( 'name' ) );
9
+ $message = sprintf( __( 'Your authorization code for %1$s is %2$s', 'stealth-login-page' ), get_bloginfo( 'name' ), $slp_options['auth_key'] );
10
  wp_mail( $to, $subject, $message );
11
  }
12
  }
18
  */
19
  function slp_admin() {
20
 
21
+ global $slp_options;
22
 
23
  ob_start(); ?>
24
  <div class="wrap">
25
  <h2><?php _e( 'Stealth Login Page Options', 'stealth-login-page' ); ?></h2>
26
  <form method="post" action="options.php">
27
 
28
+ <?php settings_fields('slp_settings_group'); ?>
 
29
 
30
+ <h3><?php _e( 'Enable/Disable Stealth Login Page', 'stealth-login-page' ); ?></h3>
31
 
32
  <input id="slp_settings[enable]" type="checkbox" name="slp_settings[enable]" value="1" <?php checked(1, isset( $slp_options['enable'] ) ); ?> />
33
 
34
  <label class="description" for="slp_settings[enable]"><?php _e( 'Enable Stealth Mode', 'stealth-login-page' ); ?></label>
35
 
36
+ <p><?php _e( 'Enter an authorization code below. Think of it as another password or a PIN. Without a proper entry from the login form, the login form will redirect.', 'stealth-login-page' ); ?></p>
37
 
38
+ <label class="description" for="slp_settings[auth_key]"><?php _e( 'Enter an authorization code', 'stealth-login-page' ); ?></label>
 
 
39
 
40
+ <input type="text" required id="slp_settings[auth_key]" name="slp_settings[auth_key]" value="<?php echo $slp_options['auth_key']; ?>" />
41
 
42
+ <p><?php _e( 'Unsuccessful attempts to gain access to your dashboard will be automatically redirected to a customizable URL. Enter that URL below.', 'stealth-login-page' ); ?></p>
43
 
44
+ <label class="description" for="slp_settings[redirect_url]"><?php _e( 'URL to redirect unauthorized attempts to', 'stealth-login-page' ); ?></label>
 
 
 
 
45
 
46
+ <input type="text" required id="slp_settings[redirect_url]" name="slp_settings[redirect_url]" value="<?php echo $slp_options['redirect_url']; ?>" />
47
 
48
  <p>
49
  <input id="email-admin" type="checkbox" name="email-admin" value="0" />
50
 
51
+ <label class="description" for="email-admin"><?php _e( 'Email authorization code to admin', 'stealth-login-page' ); ?></label>
52
  </p>
53
 
54
  <p class="submit">
58
 
59
  <?php
60
 
61
+ if ( isset( $slp_options['enable'] ) && $slp_options['auth_key'] ) { ?>
62
+ <div class="auth-key-email">
63
+ <p><?php _e( 'Your authorization code is: ', 'stealth-login-page' ); ?><?php echo $slp_options['auth_key']; ?></p>
64
  </div>
65
  <?php } ?>
66
 
plugin.php CHANGED
@@ -2,17 +2,18 @@
2
  /*
3
  Plugin Name: Stealth Login Page
4
  Plugin URI: http://wordpress.org/extend/plugins/stealth-login-page/
5
- Version: 3.0.0
6
  Author: Jesse Petersen
7
  Author URI: http://www.petersenmediagroup.com
8
- Description: Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess
9
- Text Domain: stealth-login-page
10
  Domain Path: /languages/
11
  */
12
  /*
13
  Copyright 2013 Jesse Petersen
14
 
15
- Thanks to Andrew Norcross (@norcross) for the redirect code (https://gist.github.com/norcross/4342231) and Billy Fairbank (@billyfairbank) for the idea to turn it into a plugin. Last minute thanks for 'mindctrl' (https://github.com/mindctrl) hopping on GitHub and adding more advanced features and correcting my mistakes.
 
 
16
 
17
  Thanks to David Decker for DE localization: http://deckerweb.de/kontakt/
18
 
@@ -45,180 +46,189 @@
45
  */
46
 
47
  /* Prevent direct access to the plugin */
48
- if ( !defined( 'ABSPATH' ) ) {
49
- wp_die( __( 'Sorry, you are not allowed to access this page directly.', 'stealth-login-page' ) );
50
- }
51
 
52
- add_action( 'init', 'slp_load_plugin_translations', 1 );
53
  /**
54
- * Load translations for this plugin
 
 
55
  */
56
- function slp_load_plugin_translations() {
57
-
58
- load_plugin_textdomain( 'stealth-login-page', false, dirname( plugin_basename( __FILE__ ) ) . '/languages' );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
59
 
60
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
61
 
62
- register_activation_hook( __FILE__, 'slp_activate' );
63
- register_deactivation_hook( __FILE__, 'slp_deactivate' );
64
-
65
- function slp_activate($networkwide) {
66
- global $wpdb;
67
-
68
- if (function_exists('is_multisite') && is_multisite()) {
69
- // check if it is a network activation - if so, run the activation function for each blog id
70
- if ($networkwide) {
71
- $old_blog = $wpdb->blogid;
72
- // Get all blog ids
73
- $blogids = $wpdb->get_col("SELECT blog_id FROM {$wpdb->blogs}");
74
- foreach ($blogids as $blog_id) {
75
- switch_to_blog($blog_id);
76
- return _slp_activate($networkwide);
77
- }
78
- switch_to_blog($old_blog);
79
- return;
80
- }
81
- }
82
- return _slp_activate($networkwide);
83
  }
84
-
85
- function slp_network_propagate($pfunction, $networkwide) {
86
- global $wpdb;
87
-
88
- if (function_exists('is_multisite') && is_multisite()) {
89
- // check if it is a network activation - if so, run the activation function
90
- // for each blog id
91
- if ($networkwide) {
92
- $old_blog = $wpdb->blogid;
93
- // Get all blog ids
94
- $blogids = $wpdb->get_col("SELECT blog_id FROM {$wpdb->blogs}");
95
- foreach ($blogids as $blog_id) {
96
- switch_to_blog($blog_id);
97
- call_user_func($pfunction, $networkwide);
98
- }
99
- switch_to_blog($old_blog);
100
- return;
101
- }
102
- }
103
- call_user_func($pfunction, $networkwide);
104
- }
105
-
106
-
107
- function slp_deactivate($networkwide) {
108
- slp_network_propagate('_slp_deactivate', $networkwide);
109
- }
110
 
111
- add_action( 'wpmu_new_blog', 'slp_new_blog', 10, 6);
112
-
113
- function slp_new_blog($blog_id, $user_id, $domain, $path, $site_id, $meta ) {
114
- global $wpdb;
115
-
116
- if (is_plugin_active_for_network('stealth-login-page/plugin.php')) {
117
- $old_blog = $wpdb->blogid;
118
- switch_to_blog($blog_id);
119
- _slp_activate(TRUE);
120
- switch_to_blog($old_blog);
121
- }
122
- }
 
 
 
 
 
 
 
 
 
 
 
 
123
 
124
- function _slp_activate($networkwide) {
125
- return ;
126
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
127
 
128
- function _slp_deactivate($networkwide) {
129
- return ;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
130
  }
131
 
132
- add_action('admin_menu', 'slp_plugin_menu');
133
- function slp_plugin_menu() {
134
- add_options_page( __( 'Stealth Login Page', 'stealth-login-page' ), __( 'Stealth Login Page', 'stealth-login-page' ), 'manage_options', 'stealth-login-page', 'slp_admin' );
135
- add_options_page( __( 'Stealth Login Page Documentation', 'stealth-login-page' ), __( 'Stealth Login Page Documentation', 'stealth-login-page' ), 'activate_plugins', 'stealth-login-page-documentation', 'slp_documentation' );
136
- return;
137
- }
138
 
139
  /**
140
- * Add settings link on plugin page
 
 
 
 
 
 
141
  *
142
- * @since 1.1.3
143
- * @param array $links
144
- * @param string $file
145
- * @return array
146
  */
147
- add_filter( 'plugin_action_links', 'slp_admin_settings_link', 10, 2 );
148
- function slp_admin_settings_link( $links, $file ) {
149
-
150
- if ( plugin_basename(__FILE__) == $file ) {
151
- $settings_link = '<a href="' . admin_url( 'options-general.php?page=stealth-login-page' ) . '">' . __( 'Settings', 'stealth-login-page' ) . '</a>';
152
- $documentation_link = '<a href="' . admin_url( 'options-general.php?page=stealth-login-page-documentation' ) . '">' . __( 'Documentation', 'stealth-login-page' ) . '</a>';
153
- array_unshift( $links, $settings_link, $documentation_link );
154
- }
155
-
156
- return $links;
157
-
158
  }
159
 
160
- // Global Variables ---------------------- //
 
 
 
 
 
 
161
  $slp_prefix = 'slp_';
 
 
162
  $slp_plugin_name = 'Stealth Login Page';
163
- // retrieve plugin settings from options table
 
 
164
  $slp_options = get_option('slp_settings');
165
- $custom_url = site_url() . '/wp-login.php?' . $slp_options['question'] . '=' . $slp_options['answer'];
166
- if ( isset($slp_question) && isset($slp_answer) && isset($slp_redirect) ) {
167
- $custom_wp_config = site_url() . '/wp-login.php?' . $slp_question . '=' . $slp_answer;
168
- }
169
- $message = '<h2 style="text-align: center; margin-top: 4em;">You suck! Go hack someone else.</h2>';
170
-
171
- /*-------------------------------------------------------------
172
- Name: slp_credits
173
-
174
- Purpose: Promotional stuff shown throughout the plugin
175
- Since: 1.1.3
176
- -------------------------------------------------------------*/
177
- function slp_credits() {
178
-
179
- echo '<table class="widefat" style="margin-top: .5em">';
180
-
181
- echo '<thead>';
182
- echo '<tr valign="top">';
183
- echo ' <th width="27%">'.__('Your support makes a difference', 'stealth-login-page').'</th>';
184
- echo ' <th>'.__('Useful links', 'stealth-login-page').'</th>';
185
- echo ' <th width="35%">'.__('Brought to you by', 'stealth-login-page').'</th>';
186
- echo '</tr>';
187
- echo '</thead>';
188
-
189
- echo '<tbody>';
190
- echo '<tr>';
191
- echo '<td><ul>';
192
- echo ' <li>'.__('Your generous gift will ensure the continued development of Stealth Login Page and bring more benefits and features. Thank you for your consideration!', 'stealth-login-page').'</li>';
193
-
194
- echo ' <li><center><a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=7T2JDSM64HQV8" target="_blank"><img src="http://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" /></a></center></li>';
195
- echo ' <li>'.__('Like the plugin? Please ', 'stealth-login-page').' <a href="http://wordpress.org/support/view/plugin-reviews/stealth-login-page?rate=5#postform" target="_blank">'.__('rate and review', 'stealth-login-page').'</a> '.__('it', 'stealth-login-page').'.</li>';
196
- echo '</ul></td>';
197
 
198
- echo '<td style="border-left:1px #ddd solid;"><ul>';
199
-
200
- echo ' <li><strong>'.__('Plugin documentation', 'stealth-login-page').' <a href="'.admin_url() . 'options-general.php?page=stealth-login-page-documentation" target="_blank">right here in the dashboard</a>.</strong></li><br /><br />';
201
- echo ' <li>'.__('Find my website at', 'stealth-login-page').' <a href="http://www.petersenmediagroup.com" target="_blank">petersenmediagroup.com</a>.</li>';
202
- echo ' <li>'.__('Beef up your security even more with', 'stealth-login-page').' <a href="http://wordpress.org/extend/plugins/limit-login-attempts/" target="_blank">'.__('Limit Login Attempts','stealth-login-page').'</a>.</li>';
203
- echo ' <li>'.__('Learn more about secure WordPress hosting with a ', 'stealth-login-page').' <a href="http://www.petersenmediagroup.com/wordpress-hosting/" target="_blank">'.__('managed host', 'stealth-login-page').'</a>.</li>';
204
- echo '</ul></td>';
205
-
206
- echo '<td style="border-left:1px #ddd solid;"><ul>';
207
- echo ' <li><a href="http://www.petersenmediagroup.com" title="Petersen Media Group"><img src="'. plugins_url( 'images/pmg-logo.png' , __FILE__ ) .'" alt="pmg-logo" width="150" height="67" align="left" style="padding: 0 10px 10px 0;" /></a>';
208
- echo ' <a href="http://www.petersenmediagroup.com" title="Petersen Media Group">Petersen Media Group</a> - '.__('I’m a straight-shooter and listen to what my clients want, run it through my filters, and come up with what they need. Not a "yes man" by any stretch of the imagination, I don’t consider a project a success unless it serves my client well. I have a "do no harm" policy to protect them from mis-information and trying things I’ve already learned about the hard way.', 'stealth-login-page').' '.__('Visit the', 'stealth-login-page').' <a href="http://www.petersenmediagroup.com" target="_blank">'.__('Petersen Media Group', 'stealth-login-page').'</a> '.__('website', 'stealth-login-page').'.</li>';
209
- echo '</ul></td>';
210
- echo '</tr>';
211
- echo '</tbody>';
212
-
213
- echo '</table>';
214
- }
215
 
216
- // Includes ------------------------------ //
217
- include('includes/settings-page.php'); // loads the admin settings page
218
- include('includes/documentation.php'); // loads the admin settings page
219
- if ( $slp_options['enable'] ) {
220
- include('includes/settings-functions.php'); // loads the settings page functions
221
- }
222
- elseif ( isset($custom_wp_config) ) {
223
- include('includes/wp-config-functions.php'); // loads the wp-config.php functions
224
- }
2
  /*
3
  Plugin Name: Stealth Login Page
4
  Plugin URI: http://wordpress.org/extend/plugins/stealth-login-page/
5
+ Version: 4.0.0
6
  Author: Jesse Petersen
7
  Author URI: http://www.petersenmediagroup.com
8
+ Description: Protect your dashboard without editing the .htaccess file -- the FIRST one that completely blocks remote bot login requests.
 
9
  Domain Path: /languages/
10
  */
11
  /*
12
  Copyright 2013 Jesse Petersen
13
 
14
+ Thanks to Andrew Norcross (@norcross) for the original redirect code through v3.0.0
15
+ https://gist.github.com/norcross/4342231) and Billy Fairbank
16
+ (@billyfairbank) for the idea to turn it into a plugin.
17
 
18
  Thanks to David Decker for DE localization: http://deckerweb.de/kontakt/
19
 
46
  */
47
 
48
  /* Prevent direct access to the plugin */
49
+ if ( ! defined( 'ABSPATH' ) ) exit;
50
+
51
+ if ( ! class_exists( 'Stealth_Login_Page' ) ) :
52
 
 
53
  /**
54
+ * Main Stealth_Login_Page Class
55
+ *
56
+ * @since 4.0.0
57
  */
58
+ final class Stealth_Login_Page {
59
+
60
+ /**
61
+ * @var Stealth_Login_Page The one true Stealth_Login_Page
62
+ * @since 4.0.0
63
+ */
64
+ private static $instance;
65
+
66
+ /**
67
+ * Main Stealth_Login_Page Instance
68
+ *
69
+ * Ensures that only one instance of Stealth_Login_Page exists in memory at
70
+ * any one time. Also prevents needing to define globals all over the place.
71
+ *
72
+ * @since 4.0.0
73
+ * @static
74
+ * @staticvar array $instance
75
+ * @uses Stealth_Login_Page::setup_globals() Setup the globals needed
76
+ * @uses Stealth_Login_Page::includes() Include the required files
77
+ * @uses Stealth_Login_Page::setup_actions() Setup the hooks and actions
78
+ * @see SLP()
79
+ * @return The one true Stealth_Login_Page
80
+ */
81
+ public static function instance() {
82
+ if ( ! isset( self::$instance ) && ! ( self::$instance instanceof Stealth_Login_Page ) ) {
83
+ self::$instance = new Stealth_Login_Page;
84
+ self::$instance->setup_constants();
85
+ self::$instance->includes();
86
+ self::$instance->load_textdomain();
87
+ }
88
+ return self::$instance;
89
+ }
90
 
91
+ /**
92
+ * Throw error on object clone
93
+ *
94
+ * The whole idea of the singleton design pattern is that there is a single
95
+ * object therefore, we don't want the object to be cloned.
96
+ *
97
+ * @since 4.0.0
98
+ * @access protected
99
+ * @return void
100
+ */
101
+ public function __clone() {
102
+ // Cloning instances of the class is forbidden
103
+ _doing_it_wrong( __FUNCTION__, __( 'Cheatin&#8217; huh?', 'slp' ), '1.6' );
104
+ }
105
 
106
+ /**
107
+ * Disable unserializing of the class
108
+ *
109
+ * @since 4.0.0
110
+ * @access protected
111
+ * @return void
112
+ */
113
+ public function __wakeup() {
114
+ // Unserializing instances of the class is forbidden
115
+ _doing_it_wrong( __FUNCTION__, __( 'Cheatin&#8217; huh?', 'slp' ), '1.6' );
 
 
 
 
 
 
 
 
 
 
 
116
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
117
 
118
+ /**
119
+ * Setup plugin constants
120
+ *
121
+ * @access private
122
+ * @since 4.0.0
123
+ * @return void
124
+ */
125
+ private function setup_constants() {
126
+ // Plugin version
127
+ if ( ! defined( 'SLP_VERSION' ) )
128
+ define( 'SLP_VERSION', '4.0.0 ' );
129
+
130
+ // Plugin Folder Path
131
+ if ( ! defined( 'SLP_PLUGIN_DIR' ) )
132
+ define( 'SLP_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
133
+
134
+ // Plugin Folder URL
135
+ if ( ! defined( 'SLP_PLUGIN_URL' ) )
136
+ define( 'SLP_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
137
+
138
+ // Plugin Root File
139
+ if ( ! defined( 'SLP_PLUGIN_FILE' ) )
140
+ define( 'SLP_PLUGIN_FILE', __FILE__ );
141
+ }
142
 
143
+ /**
144
+ * Include required files
145
+ *
146
+ * @access private
147
+ * @since 4.0.0
148
+ * @return void
149
+ */
150
+ private function includes() {
151
+
152
+ include( SLP_PLUGIN_DIR . 'includes/install.php' );
153
+ include( SLP_PLUGIN_DIR . 'includes/actions.php' );
154
+
155
+ if( is_admin() ) {
156
+ include( SLP_PLUGIN_DIR . 'includes/settings-page.php' );
157
+ }
158
+ else {
159
+ }
160
+ }
161
 
162
+ /**
163
+ * Loads the plugin language files
164
+ *
165
+ * @access public
166
+ * @since 4.0.0
167
+ * @return void
168
+ */
169
+ public function load_textdomain() {
170
+ // Set filter for plugin's languages directory
171
+ $slp_lang_dir = dirname( plugin_basename( SLP_PLUGIN_FILE ) ) . '/languages/';
172
+ $slp_lang_dir = apply_filters( 'slp_languages_directory', $slp_lang_dir );
173
+
174
+ // Traditional WordPress plugin locale filter
175
+ $locale = apply_filters( 'plugin_locale', get_locale(), 'slp' );
176
+ $mofile = sprintf( '%1$s-%2$s.mo', 'slp', $locale );
177
+
178
+ // Setup paths to current locale file
179
+ $mofile_local = $slp_lang_dir . $mofile;
180
+ $mofile_global = WP_LANG_DIR . '/slp/' . $mofile;
181
+
182
+ if ( file_exists( $mofile_global ) ) {
183
+ // Look in global /wp-content/languages/slp folder
184
+ load_textdomain( 'slp', $mofile_global );
185
+ } elseif ( file_exists( $mofile_local ) ) {
186
+ // Look in local /wp-content/plugins/stealth-login-page/languages/ folder
187
+ load_textdomain( 'slp', $mofile_local );
188
+ } else {
189
+ // Load the default language files
190
+ load_plugin_textdomain( 'slp', false, $slp_lang_dir );
191
+ }
192
+ }
193
  }
194
 
195
+ endif; // End if class_exists check
 
 
 
 
 
196
 
197
  /**
198
+ * The main function responsible for returning the one true Stealth_Login_Page
199
+ * Instance to functions everywhere.
200
+ *
201
+ * Use this function like you would a global variable, except without needing
202
+ * to declare the global.
203
+ *
204
+ * Example: <?php $slp = SLP(); ?>
205
  *
206
+ * @since 4.0.0
207
+ * @return object The one true Stealth_Login_Page Instance
 
 
208
  */
209
+ function SLP() {
210
+ return Stealth_Login_Page::instance();
 
 
 
 
 
 
 
 
 
211
  }
212
 
213
+ /**
214
+ * Global Variables
215
+ *
216
+ * @since 4.0.0
217
+ */
218
+
219
+ global $slp_prefix;
220
  $slp_prefix = 'slp_';
221
+
222
+ global $slp_plugin_name;
223
  $slp_plugin_name = 'Stealth Login Page';
224
+
225
+ /* retrieve plugin settings from options table */
226
+ global $slp_options;
227
  $slp_options = get_option('slp_settings');
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
228
 
229
+ /* retrieve question from options table */
230
+ global $slp_auth_key;
231
+ $slp_auth_key = $slp_options['auth_key'];
 
 
 
 
 
 
 
 
 
 
 
 
 
 
232
 
233
+ // Get SLP Running
234
+ SLP();
 
 
 
 
 
 
 
readme.txt CHANGED
@@ -1,28 +1,28 @@
1
  === Stealth Login Page ===
2
- Contributors: peterdog
3
- Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=7T2JDSM64HQV8
4
- Tags: login, wp-admin, redirect, security, 302
5
  Requires at least: 3.4.2
6
- Tested up to: 3.5.1
7
- Stable tag: 3.0.0
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
11
- Protect your /wp-admin and wp-login.php pages from being accessed without editing .htaccess -- the FIRST one that blocks remote bot login requests.
12
 
13
  == Description ==
14
 
15
- Protect your /wp-admin and wp-login.php pages from being accessed by obscuring the WP login form URL without editing any .htaccess files.
16
 
17
  = What it does =
18
 
19
- Without locking down access via IP address or file permissions, this plugin creates a secret, customizable, login URL string. Those attempting to gain access to your login form will be automatcally redirected to a customizable URL.
20
 
21
- This is the first plugin that blocks external bot login requests - login requests must come from your customized URL or the request is rejected.
22
 
23
  = Why it exists =
24
 
25
- When using a login limiting plugin, it is possible that someone is on your network and attempting to login, which will then lock you out because you share the same IP address. This plugin hides your login screen so you don't experience lockdowns when you didn't create the lockdown.
26
 
27
  = NOTE =
28
 
@@ -32,17 +32,28 @@ This does NOT replace the need for security "best practices" such as a strong pa
32
 
33
  1. Upload contents of the directory to /wp-content/plugins/ (or use the automatic installer)
34
  1. Activate the plugin through the 'Plugins' menu in WordPress
35
- 1. Configure the settings to create the secret URL string and redirect URL.
36
- 1. Verify it works by going to your default login form URL.
37
 
38
  Add the following variables to wp-config.php if you are on a MU site and want to globally activate it with the same settings on all sites (change what is in quotes to your liking):
39
 
40
- $slp_redirect = "URL";
41
- $slp_question = "question";
42
- $slp_answer = "answer";
43
 
44
  == Frequently Asked Questions ==
45
 
 
 
 
 
 
 
 
 
 
 
 
 
46
  = Does this work on MU sites? =
47
 
48
  Version 3.0.0 and greater is fully network-activated, includes uninstall, and bypasses all the settings pages with wp-config.php variables. See the Intallation tab or above in this file for instructions.
@@ -55,18 +66,23 @@ We've realized that bots (or really bored people) can enter a URL string in the
55
 
56
  Yes, as long as you are not actively logged into the site on that computer. You may enter your dashboard normally if you're in an active session. Once the session expires, you're further protected by it automatically redirecting rather than gaining access to the login form since WordPress redirects session timeouts to wp-login.php, unaware of the new URL string.
57
 
58
- = What do I do if I forget my link and can't find the e-mail the plugin sent me? =
59
 
60
- You'll need FTP access to your site. Renaming the stealth-login-page folder in /wp-content/plugins/ will remove the stealth security and allow you back into your dashboard.
61
 
62
  == Screenshots ==
63
 
64
  1. The options page.
65
-
66
- See more [examples](http://www.petersenmediagroup.com/plugins/stealth-login-page/ "Stealth Login Page Plugin URI") here.
67
 
68
  == Changelog ==
69
 
 
 
 
 
 
70
  = 3.0.0 =
71
  * Added full MU support.
72
  * Disabled the login/logout/lost-password URL filtering - it knows if you're logged in.
@@ -116,6 +132,12 @@ See more [examples](http://www.petersenmediagroup.com/plugins/stealth-login-page
116
 
117
  == Upgrade Notice ==
118
 
 
 
 
 
 
 
119
  = 3.0.0 =
120
  * Added full MU support.
121
  * Disabled the login/logout/lost-password URL filtering - it knows if you're logged in.
1
  === Stealth Login Page ===
2
+ Contributors: PMGLLC, peterdog
3
+ Donate link: https://www.petersenmediagroup.com/contribute
4
+ Tags: login, wp-login.php, two-form-factor, wp-admin, redirect, security
5
  Requires at least: 3.4.2
6
+ Tested up to: 4.0.1
7
+ Stable tag: 4.0.0
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
11
+ Protect your dashboard without editing the .htaccess file -- the FIRST one that completely blocks remote bot login requests.
12
 
13
  == Description ==
14
 
15
+ Protect your dashboard with a game-changing authorization code. The login form will never be the same again.
16
 
17
  = What it does =
18
 
19
+ Without locking down access via IP address or file permissions, this plugin creates a secret login authorizaiton code. Those who do not enter this additional authorization will be automatcally redirected to a customizable URL.
20
 
21
+ This is the first plugin that blocks external bot login requests - login requests must comply with the full login sequence or the request is rejected.
22
 
23
  = Why it exists =
24
 
25
+ To screw with hackers, brute-force attacks, and bot-nets. Screw with them, too.
26
 
27
  = NOTE =
28
 
32
 
33
  1. Upload contents of the directory to /wp-content/plugins/ (or use the automatic installer)
34
  1. Activate the plugin through the 'Plugins' menu in WordPress
35
+ 1. Configure the settings to create the secret authorization code and redirect URL.
36
+ 1. Verify it works by going to your login form.
37
 
38
  Add the following variables to wp-config.php if you are on a MU site and want to globally activate it with the same settings on all sites (change what is in quotes to your liking):
39
 
40
+ $slp_redirect "URL";
41
+ $slp_authorization "string";
 
42
 
43
  == Frequently Asked Questions ==
44
 
45
+ = I've been locked out! HELP! =
46
+
47
+ Step 1: breathe
48
+ Step 2: login to FTP or hosting and rename the stealth-login-page folder in /wp-content/plugins
49
+ Step 3: login
50
+
51
+ If those steps don't work, then it's possible you have a server caching or a caching plugin or a CDN that is still delivering the plugin files. Clear all caches (not your browser cache).
52
+
53
+ = I never got an e-mail of the code when I clicked the checkbox. =
54
+
55
+ Ensure that you clicked the Save Settings button after the box was checked. In every case I've seen, clicking it a second time always sends it.
56
+
57
  = Does this work on MU sites? =
58
 
59
  Version 3.0.0 and greater is fully network-activated, includes uninstall, and bypasses all the settings pages with wp-config.php variables. See the Intallation tab or above in this file for instructions.
66
 
67
  Yes, as long as you are not actively logged into the site on that computer. You may enter your dashboard normally if you're in an active session. Once the session expires, you're further protected by it automatically redirecting rather than gaining access to the login form since WordPress redirects session timeouts to wp-login.php, unaware of the new URL string.
68
 
69
+ = What do I do if I forget my code and can't find the e-mail the plugin sent me? =
70
 
71
+ You'll need FTP access to your site. Renaming the stealth-login-page folder in /wp-content/plugins/ will remove the stealth security and allow you back into your dashboard. If you have used variables in the wp-config.php file, delete or comment out those lines.
72
 
73
  == Screenshots ==
74
 
75
  1. The options page.
76
+ 2. Before.
77
+ 3. After.
78
 
79
  == Changelog ==
80
 
81
+ = 4.0.0 =
82
+ * TOTALLY re-worked mehodology. It is backwards compatible.
83
+ * WordPress 3.6 compatibility.
84
+ * Complete re-build of the structure, code, and methodology of its security.
85
+
86
  = 3.0.0 =
87
  * Added full MU support.
88
  * Disabled the login/logout/lost-password URL filtering - it knows if you're logged in.
132
 
133
  == Upgrade Notice ==
134
 
135
+ = 4.0.0 =
136
+ * Visit the settings page to enable NEW settings.
137
+ * TOTALLY re-worked mehodology. It is backwards compatible, so if you don't change anything, it will still work, but you WON'T see new benefits.
138
+ * WordPress 3.6 compatibility.
139
+ * Complete re-build of the structure, code, and methodology of its security.
140
+
141
  = 3.0.0 =
142
  * Added full MU support.
143
  * Disabled the login/logout/lost-password URL filtering - it knows if you're logged in.
uninstall.php CHANGED
@@ -1,4 +1,14 @@
1
  <?php
 
 
 
 
 
 
 
 
 
 
2
  if (!defined('WP_UNINSTALL_PLUGIN')) {
3
  header('Status: 403 Forbidden');
4
  header('HTTP/1.1 403 Forbidden');
@@ -13,7 +23,7 @@ if ( !current_user_can( 'install_plugins' ) )
13
  wp_die( 'You do not have permission to run this script.' );
14
 
15
  function slp_uninstall() {
16
- delete_option('slp_options');
17
  }
18
 
19
  global $wpdb;
1
  <?php
2
+ /**
3
+ * Uninstall
4
+ *
5
+ * @package SLP
6
+ * @subpackage Uninstall
7
+ * @copyright Copyright (c) 2013, Jesse Petersen
8
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License
9
+ * @since 3.0.0
10
+ */
11
+
12
  if (!defined('WP_UNINSTALL_PLUGIN')) {
13
  header('Status: 403 Forbidden');
14
  header('HTTP/1.1 403 Forbidden');
23
  wp_die( 'You do not have permission to run this script.' );
24
 
25
  function slp_uninstall() {
26
+ delete_option('slp_settings');
27
  }
28
 
29
  global $wpdb;