설명
This plugin will hide WordPress Admin (/wp-admin/) when a user isn’t logged in. If a user isn’t logged in and they attempt to access WP Admin directly, they will be unable to and it will return a 404. It can also rename the login URL.
Also, you can add HTTP authentication directly from WP Admin and add custom username/password combinations for the HTTP auth or use the WordPress credentials.
This doesn’t touch any .htaccess files or change the WordPress core files. All the CSS/Images under /wp-admin/ are still accessible, just not the .php ones.
If you enable HTTP authentication, it will add HTTP authentication to the PHP files in /wp-admin/.
To contribute to the development, check out the GitHub Repository.
설치
- Upload
/lockdown-wp-admin/to the/wp-content/plugins/directory - 워드프레스의 ‘플러그인’ 메뉴에서 플러그인을 활성화하세요.
- Navigate to the “Lockdown WP” menu
FAQ
- Installation Instructions
-
- Upload
/lockdown-wp-admin/to the/wp-content/plugins/directory - 워드프레스의 ‘플러그인’ 메뉴에서 플러그인을 활성화하세요.
- Navigate to the “Lockdown WP” menu
- Upload
- How can we add files to the white list to hide from the public eye? We want to have AJAX and use a custom file, but we can’t because it hides it from the public.
-
You can add a file using the ‘no_check_files’ filter. Use this:
function add_my_cool_filter($data) { // You have to accept the $data argument or else it will cause a system meltdown ;) $data[] = 'my-file-name.php'; // JUST the file name. return $data; } add_filter('no_check_files', 'add_my_cool_filter');Simple.
- How can I get back in if Lockdown WP Admin locked me out?
-
You can create a .txt file named ‘disable_auth.txt’ in your
wp-content/plugins/lockdown-wp-admin/folder (The file location would be/wp-content/plugins/lockdown-wp-admin/disable_auth.txt). We don’t care about the content but that will disable the HTTP Auth and whatever was locking you out of your site.
후기
기여자 & 개발자
변경이력
1.0
- 초기 릴리즈
1.0.1
- Fixed a link to a broken file
1.1
- Fixed a bug on activating the plugin network wide, we disabled network wide activation.
- Cleaned up the plugin and prevented a double loop of the HTTP check, unnecessary.
1.2
- Cleaned up more code.
- Security fixes that will prevent somebody from possibly hijacking your website. (Props Jon Cave)
1.3.1
- Added the ability to change the login URL entirely. It will disable /wp-login.php and give it whatever you want to make it.
1.4
- Fixed a bug with user’s with a index.php base
- Added stats for us to collect about about URL setup and server configuration for our users. This will let us make the plugin even better.
- Fixed bug for having private user management in WP Admin
1.4.2
- Bug fixes
- Added
admin-ajax.phpto the files that we permit to be access in wp-admin.
1.6
- Added way to get back into WP-ADMIN if locked out (See the FAQ)
1.7
- Removed the stats that were collected to that we could understand the issues that users were having with the plugin.
1.8
- Finally discovered why so many users had HTTP authentication errors. Fixed it to support almost 80% of hosts out there.
- If you still have problems, shoot me an email.
1.9
A very late update, sorry! Worked to fix many issues with the admin bar and the “get_current_screen()” error. If you still see issues, please contact me!
2.0
- Provided a system dump to help in debugging issues that may arise.
- Fixes a issues on the 404 page under 3.5.1 (
get_current_screen()) - Cleanup, cleanup!
2.0.1
- Bug fix by Michal Krause
2.0.2
- Query string detection bug fix by James Bonham
- Issues with WordPress in a sub-directory
2.1
- Unit Testing! Unit Testing ensure more reliable code going forward
- Support for WordPress 3.6
- General Cleaning
2.2
- Fixing issues with other plugins
- Support tested for 3.9
- Large code structure changes. If you are extending the
Lockdown_Managerat all, you should basically check the class anew since it was separated into Admin and Application services.
2.3
- Fixing issues with latests WordPress Version
- Cleaning of code, enhancements.
- Localizing all the strings.