ddaum's Replies | ww.wp.xz.cn

Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)

Forum: Plugins
In reply to: [Rename wp-login.php] Renames but, there is still a back door.

ddaum
(@ddaum)

11 years, 5 months ago

It will be pretty hard for the plugin developer to come up with a clean solution for this, because the canonical.php is executed even before any plugin hooks are registered, therefore it cannot intercept the site_url() call like it can for login/signup/activate.

That wp-register.php redirection is there for historical reasons only anyway and should be deprecated/removed by WordPress soon (I hope).

If you go ahead and mess around a lot in WP’s or other plugins’s code, (like I do) I recommend putting your whole installation into version control (i.e. Subversion). This makes tracking your changes and merging new versions together really easy. It also helps tracking changes that WP does to itself, like .htaccess changes, styles, auto-updates, etc. – I couldn’t live without it…

ddaum

Forum: Plugins
In reply to: [Rename wp-login.php] Renames but, there is still a back door.
ddaum
(@ddaum)

11 years, 5 months ago
Hey Mr.Yuck, I simply put a .htaccess password protection on /wp-admin, which protects on top of WordPress’ own user management (it’s only me anyways). Looks like this:
```
AuthName "admin area"
AuthType Basic
AuthUserFile /path/to/my/webspace/.htpasswd
AuthGroupFile /dev/null
require valid-user
```
For the .htpasswd file, you can just create one online; Google for htpasswd.

How did you measure/track hack attempts?
Forum: Plugins
In reply to: [Rename wp-login.php] Renames but, there is still a back door.
ddaum
(@ddaum)

11 years, 5 months ago
The pattern matching against most file names is pretty lax in the plugin and WordPress in general, and chances are your rewrite rule does not cover all cases. For example the following also redirects to the login page:

/foo/bar/wp-register.php/foo/bar

These are my rewrite rules now:
```
RewriteRule ^wp-login\.php\b - [F]
RewriteRule ^login(/.*)?$ - [F]
RewriteRule ^admin(/.*)?$ - [F]
RewriteRule \bwp-register\.php\b - [F]  # URL doesn't have to start with it!
RewriteRule ^wp-signup\.php\b - [F]
RewriteRule ^wp-activate\.php\b - [F]
RewriteRule ^wp-mail\.php\b - [F]
RewriteRule ^xmlrpc\.php\b - [F]
```
Plus Rename wp-login.php, plus .htaccess directory protection on /wp-admin. Let’s see how it goes…
Forum: Plugins
In reply to: [No Longer in Directory] German Localization: 'Installed plugins that are no longer in the…'

ddaum
(@ddaum)

11 years, 5 months ago

I just installed the plugin an hour ago from within WordPress and the translation is still wrong. The readme shows version 1.0.34.

I think HAL-9000 is referring to a different entry; although his suggestion is for the one you mentioned. To be specific, this is wrong:

msgid “”
“No installed plugins are no longer in the ww.wp.xz.cn Plugin Directory.”
msgstr “”
“Es befinden sich keine installierten Plugins im Plugin-Verzeichnis von “
“ww.wp.xz.cn.”

This translates back to: “None of your installed plugins exist in the ww.wp.xz.cn Plugin Directory.”, which is pretty much the opposite of what it should say. I was almost about to uninstall, because I thought the plugin is not working at all… 🙂

Correct translation from a native:
Es gibt keine installierten Plugins, die im Plugin-Verzeichnis von ww.wp.xz.cn fehlen.

https://translate.google.com/?ie=UTF-8&hl=de&client=tw-ob#de/en/Es%20gibt%20keine%20installierten%20Plugins%2C%20die%20im%20Plugin-Verzeichnis%20von%20ww.wp.xz.cn%20fehlen.

Cheers,
ddaum

Viewing 4 replies - 1 through 4 (of 4 total)