New PHP Warnings related to – Simple Query String Login page protection
Josh
Participant
Hi,
Suddenly I’ve noticed the php error log fill with tons and tons of PHP Warning messages related to the “Simple Query String Login page protection” code we got off the BPS website. I have no idea why this suddenly started logging like this. It’s the same code we’ve had in place for a while now and never had anything logged about it. I’m thinking there was a change at the host or from the latest WordPress upgrade.
Example Warning Message:
[05-Dec-2017 21:58:01 UTC] PHP Warning: Cannot modify header information – headers already sent by (output started at /home/xxxxxxxx/public_html/wp-login.php:73) in /home/xxxxxxxx/public_html/wp-content/themes/dunn-child/functions.php on line 40
Our Query String Code: “I inserted info where line 40 is”
function hide_login_page_query_string_login() {
    $QS = '?my_querystring=fubar';
    $theRequest = 'https://' . esc_html( $_SERVER['HTTP_HOST'] ) . '/' . 'wp-login.php' . '?'. esc_html( $_SERVER['QUERY_STRING'] );
    if ( site_url( '/wp-login.php' . $QS ) == $theRequest ) {
        // comment this out after testing is completed
        echo 'Testing: Query string matches';
    } else {
        // ***LINE 40 IS HERE***
        header( 'Location: https://' . esc_html( $_SERVER['HTTP_HOST'] ) . '/' );
    }
}
add_action('login_head', 'hide_login_page_query_string_login');
Once logged into the backend of WP it seems like each page you go to within the admin dashboard generates several of the same messages in the php error log shown above.
Any idea what we should change in this query string code?
Thanks,
Josh
Josh
Participant
Bump…
Any ideas?
I’ve been using the query string code I got off the BPS site for at least a month 1/2. Suddenly after upgrading WordPress and BPS Pro to the latest versions (not sure what changed… but this wasn’t happening before), I now have my php error log filling up like crazy with similar log entries like the one I show in my original post. It seems when I log in to the backend of WordPress, anything I click, one of these log entries follows. One session, I had over 100 of these log entries.
I searched the BPS forums on “headers already sent”. The only thing I see that becomes possibly applicable would be caching. Unfortunately I uninstalled the LiteSpeed caching plugin and ensured my host had it turned off for the domain in question. So I don’t see how caching is the problem.
So I’m kind of at a loss as to… “how” do I fix the issue? It seems like the query string code needs to be modified as that’s what the log is complaining about.
Thanks,
Josh
AITpro Admin
Keymaster
Sorry for the late reply. We had some wildfires in our area. Fortunately we were extremely lucky. Stressful stuff. Yeah, not really sure what might have changed. Honestly you do not need to do any other “form” of login security protection if you are using LSM and JTC. So just delete that additional security measure/code – it is not needed. 😉
Josh
Participant
No problem. Hope your house and loved ones are ok. Fires are no joke.
I took your advice and removed that query string code. I just don’t like having a login page at a known location. I’ll get over it. 🙂
Josh
AITpro Admin
Keymaster
Thank you for your kind words. We got really lucky, but a lot of folks did not. Sending them every bit of goodness/compassion I can. 🙂
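An added example, not part of the thread and not BPS code: the warning in the first post points at output already started in wp-login.php, which is what happens when a redirect is attempted from `login_head`, a hook that runs inside the page's `<head>`. The sketch below shows the same query-string gate moved to a hook that runs before any output; the function and constant names are hypothetical, and the key/value mirror the post's placeholder `?my_querystring=fubar`.

```php
<?php
// Added example, not code from the thread or from BPS. Intended for a
// theme's functions.php. The key/value mirror the post's placeholder
// '?my_querystring=fubar'; the function names are hypothetical.
const LOGIN_QS_KEY   = 'my_querystring';
const LOGIN_QS_VALUE = 'fubar';

// True only when the request carries the expected token.
function login_qs_token_ok( array $query ): bool {
    $given = $query[ LOGIN_QS_KEY ] ?? '';
    // hash_equals() needs two strings and compares in constant time.
    return is_string( $given ) && hash_equals( LOGIN_QS_VALUE, $given );
}

function gate_login_form_by_query_string() {
    // Let the form's own POST through; it is submitted without the token.
    $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
    if ( 'POST' === $method ) {
        return;
    }
    if ( login_qs_token_ok( $_GET ) ) {
        return;
    }
    // home_url() comes from the site settings, so the target does not
    // depend on the client-supplied Host header.
    wp_safe_redirect( home_url( '/' ) );
    // Without exit, wp-login.php would carry on and render the form.
    exit;
}

// 'login_form_login' fires in wp-login.php for the default "login" action
// before any HTML is sent, so the Location header can still be set.
// 'login_head' (used in the post) fires inside <head>, after output began.
add_action( 'login_form_login', 'gate_login_form_by_query_string' );
```

Because POSTs pass through, this only hides the form from plain GET requests and does not limit credential submissions; that remains the job of the login controls the reply refers to (LSM and JTC).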