
This is a guest post by Jesse Petersen. Jesse has been using WordPress since 2005 and has seen it grow from something clunky and incredibly geeky into something that deserves the 15%-22% of all sites that choose it as their platform. It’s an incredible piece of software that has very few limitations when developed by an expert. Jesse is one of those experts.
—–
One of my clients recently started having issues with being locked out of her dashboard with too many failed attempts at her IP address. After 2 weeks of clearing the IP address log (since Limit Login Attempts doesn’t let you release just one address), and changing her login for security’s sake, I headed to Twitter to find a solution from my fellow developers.
One of the features that attracted me to use WP Engine for all of my sites and my clients’ sites is the required plugins and the disallowed plugins. That’s important to me because the security of my client sites could be compromised and performance decreased by simple, innocent plugin choices. Knowing that certain plugins are off-limits gives me peace of mind. This problem was actually going to be solvable with a plugin.
Andrew Norcross gifted me with this gem of a script to add to a theme’s functions.php file to redirect would-be intruders to an outside URL upon an incorrect login string. For example, if your login was yourdomain.com/wp-admin, you could customize that page to now be accessible only by entering yourdomain.com/wp-login.php?question=answer. That fix worked perfectly.
I installed it in my theme and I saw the Limit Login Attempts log dwindle to ZERO.
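The mechanism described above, sketched as an added example; this is not Andrew Norcross's script or the plugin's code. It would go in a theme's functions.php, and the `slp_ex_` names, the question/answer pair and the example.com URL are constructed placeholders; exempting `postpass` and re-attaching the pair to the form's POST URL are choices made for this example.

```php
// Added example. Constructed placeholder values; change all three.
const SLP_EX_QUESTION = 'question';              // query-string key
const SLP_EX_ANSWER   = 'answer';                // expected value
const SLP_EX_REDIRECT = 'https://example.com/';  // where other requests are sent

// True when the request's query string carries the expected question=answer pair.
function slp_ex_has_key( array $query ) {
    if ( ! isset( $query[ SLP_EX_QUESTION ] ) || ! is_string( $query[ SLP_EX_QUESTION ] ) ) {
        return false; // missing, or an array such as ?question[]=x
    }
    // WordPress adds slashes to $_GET; hash_equals() compares in constant time.
    return hash_equals( SLP_EX_ANSWER, wp_unslash( $query[ SLP_EX_QUESTION ] ) );
}

// Runs at the top of wp-login.php, before any form is rendered or processed.
function slp_ex_guard_login() {
    $action = isset( $_REQUEST['action'] ) && is_string( $_REQUEST['action'] ) ? $_REQUEST['action'] : '';
    if ( is_user_logged_in() || 'postpass' === $action ) {
        return; // keep logout and password-protected posts working
    }
    if ( ! slp_ex_has_key( $_GET ) ) {
        wp_redirect( SLP_EX_REDIRECT );
        exit;
    }
}
add_action( 'login_init', 'slp_ex_guard_login' );

// The login form posts back to wp-login.php without the query string, so carry
// the pair over, but only on pages that were themselves reached with it.
function slp_ex_keep_key_on_post( $url, $path, $scheme ) {
    if ( 'login_post' === $scheme && slp_ex_has_key( $_GET ) ) {
        $url = add_query_arg( SLP_EX_QUESTION, rawurlencode( SLP_EX_ANSWER ), $url );
    }
    return $url;
}
add_filter( 'site_url', 'slp_ex_keep_key_on_post', 10, 3 );
```

The `login_init` hook fires only for wp-login.php, so other authentication endpoints need their own controls. The answer also ends up in server access logs and browser history, so it works as a filter alongside Limit Login Attempts and strong passwords, not as a credential.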
After I wrote about the script on my website, Billy Fairbank suggested it be made into a plugin. I quickly obliged and dove into the world of plugin development. With the help of a generous soul on GitHub who forked my project and completed 2 enhancements I was going to research this week, the plugin was approved and made public on April 1st. Probably not the best day to launch something, but it had over 170 downloads in its first 48 hours of being live, so it’s definitely something people want.
You can find it via your dashboard by going to Plugins -> Add New and searching for “Stealth Login Page.” It’s also on the WordPress repository. After you activate it, you can go to the settings page under Settings and you’ll see a very simple set of options: Enable/Disable, the redirect URL, the question, the answer, and an option to e-mail the site admin the new URL string to access the login page (I’ve already had to use that e-mail myself, so I’m glad it’s there).
I have a few other enhancements planned and David Decker has just finished localization for the German version. I hope you enjoy it and use this on all of your sites and clients’ sites.
I’ve been using this plugin since the day you released it, Jesse. It’s been absolutely wonderful as it adds an extra layer of security without being intrusive.
Easy to set up and something that anyone who cares about their security should install pronto!
Thanks, Ozzy. I’m glad it’s been useful for you.
Hi Jesse,
I loved your plugin; it helps me to protect and secure the many websites I’ve developed.
However, later on I noticed the plugin has not been updated; the last update was 3 years ago.
It would be great if you continue developing and updating the said plugin.
Regards,
Sweet plugin idea. I will download this today. Thank you so much for developing it.
This is great, but I noticed that this plugin hasn’t been updated in over 2 years. Is there an alternative that WP Engine can recommend?