gusez
Forum Replies Created
-
Forum: Plugins
In reply to: [WPS Hide Login] GoogleWe are on your latest version as of my previous comment’s date.
You likely have/had a tiny handful of users who do not bother to reach out to you due to the push back as in this thread, so it is unsurprising that you are not aware of the issue. We simply added an htaccess rule to constrain the renamed page to the LAN and won’t bother pursuing this topic further, due to the very low probability of anyone wanting to get to the bottom of this. We do not have a need to enter into another extensive back and forth, seeing the energy you put in the push back. [Rolls eyes]
Forum: Plugins
In reply to: [WPS Hide Login] GoogleLet us try once again, but this time pay attention.
Your plugin renames the login page. Supposedly this is done in order to prevent unrelated 3d parties on the Internet from easily accessing that page. So far so good.
However, those unrelated 3d parties somehow learn of each renamed page names, in a matter of only a couple of hours since it is renamed. This defeats the purpose of your plugin.
At least determine how or why they learn of the new value. What leaks the new value to them? Without knowing that, you and your users are open to the same bruteforcing attacks as w/o your plugin.
Am I making sense?
Forum: Plugins
In reply to: [WPS Hide Login] GoogleIron, do you have the same problem?
Today, we registered a direct request for the secret login page, from a random consumer ISP in Eastern Europe.
So, this issue is not isolated to search engines only, as we had initially thought. This is anything but surprising, knowing how eagerly they sell the info.
Forum: Plugins
In reply to: [WPS Hide Login] GoogleToday, I found records of Bing accessing the secret page.
Forum: Plugins
In reply to: [WPS Hide Login] cannot log – 404 page after setting wp-admin as urlThere are 2 ways to recover from a broken plugin (maybe more): move the plugin folder temporarily out of the WP folder structure or trigger recovery mode which will disable all plugins. Google for how to.
Forum: Plugins
In reply to: [WPS Hide Login] GoogleWe changed the login page address again, and now Google bot and Yandex spider came for the new address, within hours. Seriously?
Forum: Plugins
In reply to: [WPS Hide Login] GoogleHey devs,
Are you unable to answer my questions or unwilling to?
This is the most serious security issue with your plugin: an unrelated 3d party learns about the supposedly secret login page address, and it does so within only a couple of hours. This completely defeats the purpose of your plugin. The best course of action for you is to look into this immediately before the community looses trust in your product.