Hiding Wordpress app login page create backup problem
-
@murgero As far as I know, Wordpress does have 2FA when Cloudron is in charge of user management, but I most often let Wordpress have separate user management, as I don't want a bunch of wordpress users having to create cloudron-accounts.
There are other reasons not to use 2FA, and reasons to use it, but that is another discussion.
@girish would it not be better to have the health check point to some other file in wordpress, other than
/wp-login.php
? As it is now, it actually limits users freedom to chose their own way of protecting their blog. -
@stoccafisso Yes, let me look into if there is any other end point we can poll instead of the admin page. Maybe we can poll some css/js asset file.
-
I am also experiencing this issue. I'm guessing you are using "WPS Hide Login"? The workaround I've found is to use "Hide My WP Ghost – Security Plugin". It's not as lightweight or simple but it only changes access to the login which still allows cloudron to do its thing and change the login path effectivly. Hope that helps.
-
Ideally we would have a distinct /healthcheck route to call the app and it would report its status. As @girish mentioned we used to use / to simply check if the site/blog works, but besides non public sites, this also interfered with visitor stats on various plugins.
Does anyone here have any better recommendation or idea which route we could poll here?
-
@murgero not really sure what you mean by this. What we need is some URL which responds with an 200 or 300 http status code. This can be anything, a HTML file other assets or a REST api. So far it seems the ones we have chosen for WordPress always have some side-effects.
-
@murgero Thanks for your suggestion! I have put the new healthcheck url in https://git.cloudron.io/cloudron/wordpress-app/commit/45dc91cd7868bd2e66ea726f0968c4752279812e . Will push out the update slowly and see if it causes any issues