[Defender] Login masking breaks my APP login

On my staging environment I am getting a message when I view the login page: [ Feature Disabled ]

This happens when the WP Defender Login Masking is enabled. I thought this only affected wp-admin.

I use a 3rd party app for user logins, but it seems the masking affects the login from the App.

Admin logins work ok from http://www.++++++doodle.com/wp-admin

but my user login area breaks: http://www.+++++doodle.com/login (for our ++++ Doodle users to login to our React web app)

Please note, we’ve disabled login masking currently so you’ll need to enable that to test.

  • Nithin Ramdas
    • Support Wizard

    Hi Richard Hill,

    Could I know how the 3rd party React Web APP is configured? Are there any plugins used within the WordPress dashboard regarding this? Or is it entirely separate?

    Apart from /wp-admin, /wp-login.php WordPress also uses /login, /admin as the Login URL slug. So what Defender Pro tries is, it ensures that all related login URLs are masked.

    Is it possible to temporarily rename the /login URL to /mylogin etc in your Web APP, and then check whether you still have issues with accessing the Web App with Defender Masked URL enabled?

    This would give a better idea of where to look if the issue still exists. Please let us know how that goes, have a nice day ahead.

    Best Regards,

    Nithin

  • Richard Hill
    • Recruit

    Hi Nithin,

    Please see below:

    > Could I know how the 3rd party React Web APP is configured? Are there any plugins used within the WordPress dashboard regarding this? Or is it entirely separate?

    Our system (Mind Doodle) is hosted on G-Cloud, hence WordPress is just hosting a standard login page / no special code/plugins etc. We also have a Mind Doodle visual sitemap & tasks plugin installed; this has nothing to do with the login system – i.e. it is for showing a sitemap and task management.

    > Apart from /wp-admin, /wp-login.php WordPress also uses /login, /admin as the Login URL slug. So what Defender Pro tries is, it ensures that all related login URLs are masked.

    Our system uses <domain>/login and I suspect other developers who have implemented their own 3rd party system will also want to use this same URL. Is it possible to configure Defender to ignore this particular login URL? That would be a useful advanced feature to have.

    > Is it possible to temporarily rename the /login URL to /mylogin etc in your Web APP, and then check whether you still have issues with accessing the Web App with Defender Masked URL enabled?

    Yes that worked.

    FYI – ideally I would like to use the /login path because that is indexed into Google and no doubt stored in users’ bookmarks. Please advise what I can do, because Defender Login masking looks like a great feature.

    Thanks

  • Ash
    • Code Norris

    Hello Richard Hill

    I am afraid you can’t overwrite the settings for now. Defender will protect all the default login slugs and will make them inaccessible.

    Though, I have also asked the developer if we can exclude the ‘login’ slug somehow and I will let you know once I hear back from them.

    Cheers,

    Ash