I am not an expert for mod_rewrite, so I need a big time help. Here is the scenario:
Domain Name: www.example.com
Points To: /www/public_html/
I have a wordpress installation at:
/www/public_html/subfolder/
Now I have two htaccess files, lets call them .h1 and .h2 . I have managed upto now to do this:
When user types www.example.com they are taken to the wordpress homepage in the subdirectory (sweet). In fact everything is hunky-dory besides:
MAIN PROBLEM:
I want to create a custom login URL, say : www.example.com/mylogin
I am able to do the following by setting the following in my .h2
RewriteRule ^mylogin$ wp-login.php
But when I use this URL, it taken me to the login screen but the url in the browser changes to http://example.com/subfolder/wp-login.php
I want the URL that is displayed when the login screen is presented to stay the same as before i.e. http://example.com/mylogin
More precisely, no subfolder name and no wp-login should be displayed. How do I achieve this? Any help would be appreciated.
Your solution doesn’t hide the default login url. It only adds an easier to remember url which redirects to the default url /wp-login.
Without the need for coding you can easily install the plugin Custom Login and Admin URL’s that fixes this weakness.
Caution: This plugin have been tested on a new installation of WordPress and it worked fine. However, most free plugins are unsupported which means they sometimes conflict with other plugins depending on what you have installed. If you have any issues, login to cPanel or FTP and delete the plugin or contact your web hosting provider.
Another Security plugin for WordPress which you may want to take a look at is named Better WP Security. This WordPress plugin offers security settings for WordPress login, registration and admin pages as well as many other anti hacking features to protect your site.
Related
If I browse to my wordpress wp-admin directory, I recall that I used to get redirected to the login page if I was not already logged in. Now I get the standard wordpress page not found error. I'm not aware of changing any configuration that would alter this behavior. Are there things that could have been done to stop the auto redirection from occurring? Or something I need to re-enable or reverse to get that behaviour back?
Yes, generally it is a practice used for security reasons, because you see if I know that you are using Wordpress then I can easily guess all your URLs, login URL, Admin URL, Register URL, etc...
There are some plugins that would do that for you, IThemes is an example.
Themes Security hides common WordPress security vulnerabilities,
preventing attackers from learning too much about your site and away
from sensitive areas like your site’s login, admin, etc.
Changes the URLs for WordPress dashboard areas including login, admin
and more
So the short answer is, yes you can configure it one way or another.
To Undo it, configure it again
I have installed the following WP plugins at my site:
Hide My WP
Wordfence free
All In One WP Security & Firewall (with 410 points)
DNS from CloudFlare (medium settings)
Good global hosting, not cheap.
My Admin name is like "gfutiewf" and login link like: mysite.com/dfwhc.
That´s all okay, today I see again in log:
Anybody at login page try the "gfutiewf" username with bad password...
How? From where he see the login url and admin name?
I'm guessing they were guessing your author ID like so:
http://www.example.com/?author=1
http://www.example.com/?author=2
...
Once found, the WordPress would redirect to:
http://www.example.com/author/myrandomname/
which by default would be your admin name.
One way to solve that would be to change the value of user_nicename column in users table in the database to something else, like 'admin'. That way, the redirect will change to:
http://www.example.com/author/admin/
First off make sure you have the latest version of Hide My WordPress – Security Plugin - currently v1.1.028
Make sure you are not redirecting the old login (ex. wp-login.php to the new login page)
Also are you using Hide My Wp PRO? The current free version only hides the admin and login paths to see if the product is compatible with your WordPress.
To hide all the URLs you need to activate the Ninja mode and the plugin will hide all the paths from your website.
For further help please share your site's name so we can take a look at it.
Hope that helps.
Just recently discovered that neither my client or I can login to our Wordpress website. Here are the details:
Plugins: Contact Form 7, Envira Gallery Lite, Fusion Core (part of avada theme), Updraft Plus, Wordpress SEO, WP Retina 2x, WP Updates Notifier, Login Security Solution, Sucuri Scanner
Initially, the login page was requesting a password reset which is typical if too many false attempts have been made from a single user (part of Login Security Solution) plugin.
We tried to reset via the link in the email sent by wordpress. The new password generated is "invalid" when we try to login after the reset.
I FTP-ed in and changed functions.php to force a password reset. When I login with the new password, the login screen appears to be accepting the password, but rather than loading the dashboard, it loads the login screen again. Our Sucuri plugin emails an alert that the login was successful (which of course, it was not).
Next, I changed the name of all the plugin folders to make sure it wasn't a plugin causing the trouble. Same result.
Then, I looked at my htaccess file. It was overwritten with:
Files *.php deny from all /Files
I restore the htaccess file to it's original code. Still same login behavior.
I look through the rest of the site for other htaccess files. I change the names of htaccess files in the following places in order to disable them:
wp-content
wp-content/uploads
wp-content/uploads/sucuri
wp-includes
Still same login behavior.
Not sure what to try next. Not sure what triggered the problem. I was able to login on 12/22. My odd htaccess file had a modification date of 12/7. Client tried to login on 1/3 and was unable.
Any help would be greatly appreciated!!
I have a website built with Wordpress that has been having permalink issues. A few days ago, I had added a simple file, named qr.php, that I dropped in at the root level (where the wp-content and wp-upload folders reside). It has a script that redirect to pages outside of my website depending on what type of device the user is using. Basically, some one on a Apple device gets redirected to an itunes page, and droid user to the droid app store, etc.
Could this non Wordpress page be causing issues? I have had static or html pages in amonst my root level files before, and never had an issue. I feel like the redirects may change this.
Rather than using the qr.php(cutom redirect file) in your wordpress site. You can use a plugin which will help to redirect the external links.
Some of the plugins which might help you to achieve your purpose are Device Redirect - WordPress Phone &Tablet Redirect , RedirectPlus - Wordpress Mobile Redirect Plugin.
See the screenshots, try demo and check whether it fits your requirement.
No, it dont cause any issue with permalink..
I am also using a wordpress website : abc.com and a php based software integrated to admin folder on root.. And I can access easily abc.com and abc.com/newfolder/abc.php
I have a WordPress installation in a subdomain (http://base.example.com), but I want users to access the front-end from (http://www.example.com). The subdomain is a subfolder within the root of the site. I have copied index.php and .htaccess to the root of my site and changed the path in index.php to point to my subdomain. The website works fine, both the front-end and back-end, but when I login and go to the front-end, I cannot see the admin bar, and it appears as if I am logged out. When I go to wp-admin, I see the admin bar, and I can preform all administration functions as needed. How do I fix this problem so I can see the admin bar on the front-end?
EDIT 2:
You should be able to resolve your issues using the plugin root Cookie. It hasn't been updated in 2 years, but it will fix the problem that you're having. You need the login/authentication cookie to be accessible across subdomains. Follow these directions:
Install and activate the plugin.
Enable subdomain support in plugin settings.
Logout of the WordPress admin.
Login again and check if it works.
The reason that this issue occurs is because when WordPress sets the cookie that says you're logged in, it sets it for the administration domain. That means, when you visit from the non-administration domain, the cookie isn't allowed to be used for authentication due to browser security. This plugin changes the URL for the cookie to allow for use across subdomains, which allows for you to see the admin bar on the front-end.