HC Custom WP-Admin – 403 error

Home Forums BulletProof Security Free HC Custom WP-Admin – 403 error

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #15719
    Mark McRae
    Participant

    I have tried to install HC Custom WP-Admin plugin and your plugin. The two plugins don’t play together. I am trying to hide my wp-admin page using HC Custom WP-Admin cause I am getting locked out by hosting company. They seem to be very proactive when it comes to brute force attack.

    I switch to default mode  on root and wp-admin folders and installed HC Custom WP-Admin.  I changed the wp-admin slug to my secret slug and logout. I log back into my secret slug with no problem. I reactivate secure .htaccess on root and wp-admin folders and logout and try to log back into my secret slug and I get a 403 error. I then tried to log into wp-admin url and it let’s me right in. Any ideas of what I should try to get this plugins to coexist?

    #15721
    AITpro Admin
    Keymaster

    I will test this plugin and post the results.  Probably take about 15 minutes to find out the issue and solution.
    Or if you are interested you can do the exact same thing with this code in the link below.

    Simple Query String Login page protection
    http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/

    …or use this plugin: Stealth Login Page, which does the same thing and has been tested with BPS and there are no issues between the 2 plugins.
    https://wordpress.org/plugins/stealth-login-page/

    #15723
    AITpro Admin
    Keymaster

    I could not get this plugin to work with BPS or without BPS.  I can see what the plugin is doing and logically see what would need to be done, but I cannot verify if that actually works because I cannot get this plugin to work at all on a XAMPP test site.

    I used the slug “test” for testing. Replace “test” with your actual string.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteRule ^test/?$ /wp-login.php [QSA,L]

    1. Logically you would copy the WP REWRITE LOOP START .htaccess code from your root .htaccess file and paste it into this BPS Custom Code text box: CUSTOM CODE WP REWRITE LOOP START: Add www to non-www/non-www to www code here
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    These PHP Errors may or may not have something to do with why the plugin will not work on my XAMPP test site:

    [20-Jun-2014 21:43:24 UTC] PHP Warning:  file(C:\xampp2\htdocs16\demo9/.htaccess): failed to open stream: No such file or directory in C:\xampp2\htdocs16\demo9\wp-content\plugins\hc-custom-wp-admin-url\hc-custom-wp-admin-url.php on line 137
    [20-Jun-2014 21:43:24 UTC] PHP Warning:  implode(): Invalid arguments passed in C:\xampp2\htdocs16\demo9\wp-content\plugins\hc-custom-wp-admin-url\hc-custom-wp-admin-url.php on line 137
    [20-Jun-2014 21:43:26 UTC] PHP Warning:  file(C:\xampp2\htdocs16\demo9/.htaccess): failed to open stream: No such file or directory in C:\xampp2\htdocs16\demo9\wp-content\plugins\hc-custom-wp-admin-url\hc-custom-wp-admin-url.php on line 137
    [20-Jun-2014 21:43:26 UTC] PHP Warning:  implode(): Invalid arguments passed in C:\xampp2\htdocs16\demo9\wp-content\plugins\hc-custom-wp-admin-url\hc-custom-wp-admin-url.php on line 137
    #15725
    Mark McRae
    Participant

    I will give your suggestions a try and let you know how it turns out. Thanks for your input.

    #15726
    Mark McRae
    Participant

    My rewrite section in the root .htaccess looks like the following:

    # If you edit the BULLETPROOF .50.1 >>>>>>> SECURE .HTACCESS text above
    # you will see error messages on the BPS Security Status page
    # BPS is reading the version number in the htaccess file to validate checks
    # If you would like to change what is displayed above you
    # will need to edit the BPS /includes/functions.php file to match your changes
    # If you update your WordPress Permalinks the code between BEGIN WordPress and
    # END WordPress is replaced by WP htaccess code.
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteRule ^mysecret/?$ /wp-login.php [QSA,L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    I am still getting the 403 forbidden error. Any other ideas or if you can tell me anything else to try?

    #15728
    AITpro Admin
    Keymaster

    This plugin removes/deletes all BPS security code from the root .htaccess file…which is a bad way to just add 1 line of code into the root .htaccess file. Instead of deleting all security code in the root .htaccess file the much better method to add 1 line of code would have been to do a preg_match for the standard WordPress rewrite lines of code and then a preg_replace so that only the 1 line of code that this plugin should be adding is added instead of deleting everything else just for 1 line of code. Bad logic/method. ;).

    1. Copy the BPS WP REWRITE LOOP START code to BPS Custom Code and add the RewriteRule ^mysecret/?$ /wp-login.php [QSA,L] line of code.
    2. Click the Save Root Custom Code button.
    3. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    #15732
    Mark McRae
    Participant

    Actually at this point I trust your secure solution. Is there a way for you to incorporate this type of functionality into your plugin?

    #15733
    AITpro Admin
    Keymaster

    Yes, it will eventually be added to BPS, but not in the next version – BPS .50.2 is in DEVLOCK (means no more goodies added in that version).  Maybe the version after that?

    #21226
    AITpro Admin
    Keymaster

    This question came up again here:  https://wordpress.org/support/topic/error-404-not-found-44?replies=2#post-6628538
    I retested the HC Custom WP-Admin URL plugin on a test site and it does now work.

    Steps to add the HC Custom WP-Admin URL .htaccess code to BPS Custom Code:

    The HC Custom WP-Admin URL plugin creates this htaccess code below at the bottom of your root .htaccess file when you add and save your WP-Admin slug on the WordPress Permalinks page.

    Note: In this example I am using “example” for the name of the WP-Admin slug.

    # BEGIN WordPress
    
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteRule ^example/?$ /wp-login.php [QSA,L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    
    # END WordPress

    1. Save this line of code: RewriteRule ^example/?$ /wp-login.php [QSA,L] and delete the rest of the HC Custom WP-Admin URL plugin .htaccess code from the root htaccess file.
    2. Copy this BPS root htaccess code below and paste it into this BPS Custom Code text box: CUSTOM CODE WP REWRITE LOOP START: www/non-www http/https Rewrite code here

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]

    3. Edit that code you just copied to the BPS Custom Code text box and add the line of .htaccess code that you saved in step 1 as shown below.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteRule ^example/?$ /wp-login.php [QSA,L]

    4. Click the Save Root Custom Code button.
    5. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.