Plugin Possibly Does Not Fully Work On Login Pages…

  • thirstyjon

    (@thirstyjon)


    3 years ago

    @unicorn03 @erku (I included the tags because Andrea had said they had no notifications. Let me know if that irritates anyone).

    I just put this plugin on ALL my sites haha.

    I have a couple of sites that can only be viewed fully when logged in, so anyone who visits the domain is immediately redirected to a login page.

    On those sites ONLY the X-frames-Options header is working with the plugin.

    Does this mean the plugin isn’t working on login pages?

    Or… Maybe there is no problem at all and I just need more education about security headers and how they work. 🙂

    Is this something that needs to be fixed? Or only my brain needs to be fixed?

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter thirstyjon

    (@thirstyjon)

    3 years ago

    Actually, I just noticed on the site I used as an example that not even the X-Frame-Options is working.

    On my other two sites like that the X-Frame-Options IS working, but not the other headers.

    worldwideawakening.net is hosted on a free non-profit version of Dreamhost’s hosting, so I don’t know if that is a contributing issue.

    But I mostly just want to know in general should the plugin be working when the site redirects all visitors to login, and if it should be working why isn’t it.

    Rimas

    (@erku)

    3 years ago

    The headers are added using the wp_headers hook. I can only guess that that hook is not used by the login page. Are there any other hooks or filters we could use instead? Probably, but I don’t know (I’m not actually a fan of WordPress programming, so it’s no wonder I don’t know their API).

    If you check your wp-login.php on other websites using the SecurityHeaders service, you’ll likely notice the same symptom. At least that’s what happens when I check my wp-login.php: I’m getting a D rating here instead of A+ like I do with the homepage.

    Let’s hope Andrea will take a deeper look. 🙂

    • This reply was modified 3 years ago by Rimas.
    Thread Starter thirstyjon

    (@thirstyjon)

    3 years ago

    @erku

    👍

    I look forward to hearing what Andrea @unicorn03 has to say.

    • This reply was modified 3 years ago by thirstyjon.
    Plugin Author Andrea Ferro

    (@unicorn03)

    3 years ago

    Hi @thirstyjon , thanks for this new topic and for helping to improve the plugin. I am currently checking your issue and will get back to you as soon as possible.

    Thread Starter thirstyjon

    (@thirstyjon)

    3 years ago

    Thanks Andrea @unicorn03

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Plugin Possibly Does Not Fully Work On Login Pages…’ is closed to new replies.