ArnoldMC77
Regular Member
- May 13, 2018
- 204
- 94
I am trying to change the wp-admin to a custom login link. Previously, I have used plugins but I would prefer to change it without a plugin. Doe anyone have any suggestions?
Changing Wp Admin Without A Plugin
- Thread starter ArnoldMC77
- Start date
- Aug 25, 2012
- 4,867
- 1,042
You need to create a custom plugin in that case, otherwise next WordPress update will ruin all your code edits.
ArnoldMC77
Regular Member
- May 13, 2018
- 204
- 94
That is strange, the programmer that I was working with changed it and I don't see extra plugins. Isn't there a way to hard code it in?
ArnoldMC77
Regular Member
- May 13, 2018
- 204
- 94
That you guys. I am not an advanced coder. I can get by with a little HTML, PHP and Java. I have taken courses at Code Academy. Is there anything courses you can recommend that I can learn specifically to write code for this?
leechesBleechin
Supreme Member
- Feb 16, 2017
- 1,218
- 3,222
That's like going to school for 8 years to be a doctor so you can put a bandaid on a splinter lol. What's wrong with just using the plugin? They're not very heavy weight.
- Sep 10, 2010
- 11,524
- 25,726
Something on "wordpress custom theme" or "make a wp theme from scratch" should help. Try youtube for example. Free tutorials should be enough for getting started.
Plus, wp documentation and stackoverflow are pretty good for specific problems/apis.
ArnoldMC77
Regular Member
- May 13, 2018
- 204
- 94
There isn't anything wrong with it for now. I thought I may be able to write a few lines of code to change it.
Don't get me wrong. I want to learn how to write better code so I can customize my sites better without having to rely on a programmer.
ArnoldMC77
Regular Member
- May 13, 2018
- 204
- 94
Can anyone recommend a good plugin?
- May 30, 2019
- 13,462
- 10,646
WPS Hide Login
Lightweight and easy to configure.
Bots-Scrapers
Elite Member
- Jan 2, 2014
- 4,042
- 1,076
This one.
Best would be build a plugin by reading the available hooks and get the job done or use the child theme method.
It will be straight forward if you understand the structures.
CyHead
Senior Member
- Apr 6, 2009
- 1,035
- 987
Yes - edit the wp-functions file in your current theme, just note that once you do that you won't be able to update the theme, because it will overwrite the code you added - unless you create a child/parent theme.
WP has lots of hooks, so you can just hook into the login routine and redirect it to a URL.
WP has lots of hooks, so you can just hook into the login routine and redirect it to a URL.
Aleksandar916
Power Member
- Nov 29, 2017
- 772
- 1,099
Noob security question to follow up on the subject: How critical is it to hide WP login if you have limit login attempts?
- Sep 10, 2010
- 11,524
- 25,726
Matter of taste. No matter if you are limiting login attempts or not. An alphanumeric sentence with special characters is improbable (notice my choice of word) to crack for any computer out there right now. If you are worried about ddos, then don't be; coz they can ddos your home page too for that matter. Bruteforcing only works with weaker passwords. You should be more concerned about stuffs like sql injection, rfi, lfi and so on. Bruteforcing isn't that big of a deal imho.
Aleksandar916
Power Member
- Nov 29, 2017
- 772
- 1,099
Thanks, that helps and makes me feel better.
This doesn't
and I'm not sure what you said.
- Sep 10, 2010
- 11,524
- 25,726
All simple stuffs!! I just used jargons lol.. let me explain..This doesn't
SQL injection - this one is easy to know more about. Just google it.
RFI - Remote File Inclusion vulnerability. Using these the hackers gain access to your server's file system (ever heard the term c99 shell? Related to this.). Mainly caused by bad upload scripts.
LFI - Local File Inclusion vulnerability. Using this the hacker may read a local file on your server that he is not supposed to. These are generally caused by improper thumbnail scripts and such scripts where the plugin/theme is including a file based on user input.
There are even more..
For example, php's string to object conversion on the fly. This is why weakly typed languages are a pain. As a case.. if you do not properly sanitize your $_GET/$_POST variables, it can get your server hacked.
All the hacker needs to do is send e.g. url.com/somepage?a[]=b instead of url.com/somepage?a=b
BAM, it will break your script. If debug is enabled on your server, your sensitive environment vars, filepaths etc can be leaked.
there are a loooooot more... google it may be
Aleksandar916
Power Member
- Nov 29, 2017
- 772
- 1,099
So let's say that someone did this to a website and months after it seems as if it's still there. Would you know (or someone you know) how to get rid of this problem?
Asking for a friend!
Thanks for the explanation
- Sep 10, 2010
- 11,524
- 25,726
I will tell you a dirty little secret that I have used before. Look for any php file which is more than 30kb. It may actually be a shell. No one in their right mind would make a single file so huge (except for the noobs lol.. dont use those scripts). Additionally there are advanced techniques to prevent these. For example, file versioning systems like git lets you see even if a single char has been changed. You should always use proper permissions too.
You should never trust user input.
When possible, containerize your app using something like docker. That way, even if somebody gets access to the files, they will not be able to do shit.
and there are lots more. Software security is a huge topic. Perhaps I should cover some of the stuffs I know for everyone. Added to my todo list. Watch out for a tutorial in near future.