FP Printing Admin URL in Source Code

  • Anonymous User 11187416

    (@anonymized-11187416)


    3 years, 6 months ago

    Hey,

    So I have customised my admin login urls (and put other settings in place to block the defaults) so that brute force attempts are more or less impossible.

    However, I’ve had a few attempts recently, leading me to check how on earth they could have found the URL. It’s then I spotted that FP includes it in the Ignore List whether it’s manually there or not. Taken from this part of your inject-js.php.

    ignoreKeywords: '.json_encode(get_option('flying_pages_config_ignore_keywords'), true).',

    Now, caching/minifying etc is a multilayer beast so there’s a chance that, although it’s your code, it’s not FP itself causing the exposure. But as it’s your JS I wanted to start there.

    Is there any way to modify your code to exclude the admin URLs from appearing publicly in the ignore list (or at all, preferably)?

    Thanks!

The topic ‘FP Printing Admin URL in Source Code’ is closed to new replies.

  • 0 replies
  • 1 participant
  • Last reply from: Anonymous User 11187416
  • Last activity: 3 years, 6 months ago
  • Status: not resolved