New to the community? Start here

[The Hub] Prevent admin access

1

My idea is to have access to the sites you manage only via the hub, i.e. an option to completely disable wp-admin access with a redirect or some other method so that the admin is only accessible via the hub.

This might also form part of Defender?

Thanks

Fri, 7 Jan 2022 7:44:27
More Defender Pro discussions
Defender Pro
  • David
    • Site Builder, Child of Zeus

    Hello, WebAcumen
    It’s a Defender functionality, called “mask login area”, where you can set something different from /wp-admin (like yoursite.com/start) and you can also choose what to do with accesses to /wp-admin (I do choose to redirect it to homepage to avoid 404 errors).
    It’s really effective against brute-force login bots and also against two-legged animals. It’s also nice for my customers with admin or store owner access, as they can use a login url that makes sense for them.
    Hope it helps!

    Dave

  • WebAcumen
    • Site Builder, Child of Zeus

    Hi David

    That is awesome, thanks for the advice!

    I would however still request for the feature to be considered, but as a complete shutdown of WordPress access other than via the Hub, for those who would prefer to use it, especially in cases where no one accepts you and your team manage sites, as in the client themselves need no access, so there is no need for the wp-admin logins existing.

    Thanks

  • Kris Tomczyk
    • Ex Staff

    Hi

    As Álvaro Novais said this will be possible only with the masking login area in Defender and it fully covers your request. With masking login, only you as admin know the login page URL, and if another person/client will try to access the wp-admin URL, it will be simply redirected to the home page (you can set up this in Defender as well.) In the end, using SSO from the WPMU DEV Dashboard plugin you will be able to log in to any site from HUB (each site has its own custom login slug via Defender) and HUB will know what is the custom login.

    Kind Regards,
    Kris

    • Álvaro Novais
      • DEV MAN’s Sidekick

      Hi Kris

      I understand, I already do this, but we are in a different line of thinking, the feature would be to block any access to the Dashboard through links, even being masked and allow login only using SSO by The Hub. I believe this is not possible, but it would be interesting if it were.