Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. WordPress (Managed)
  3. Hiding Wordpress app login page create backup problem

Hiding Wordpress app login page create backup problem

Scheduled Pinned Locked Moved Solved WordPress (Managed)
wordpress
13 Posts 6 Posters 1.1k Views 6 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S Offline
    S Offline
    stoccafisso
    wrote on last edited by girish
    #1

    Hi all

    In wordpress app I use a plugin to hide the login page /wp-admin and /wp-login.php. Accessing these pages will then give the user a 404

    BUT, it seems cloudron is sending a form of beacon signal to the wordpress app login page, to figure out if the app is up working or not. As cloudron does not find the login page, it detect it as an error and state in the cloudron admin panel that the app is "Not responding", even though the wordpress app is running fine.

    It may look like this also prevents cloudron from creating automatic backups of the app, even if it is configured to do so. Manual backup seems to work though.

    murgeroM 1 Reply Last reply
    2
    • S stoccafisso

      Hi all

      In wordpress app I use a plugin to hide the login page /wp-admin and /wp-login.php. Accessing these pages will then give the user a 404

      BUT, it seems cloudron is sending a form of beacon signal to the wordpress app login page, to figure out if the app is up working or not. As cloudron does not find the login page, it detect it as an error and state in the cloudron admin panel that the app is "Not responding", even though the wordpress app is running fine.

      It may look like this also prevents cloudron from creating automatic backups of the app, even if it is configured to do so. Manual backup seems to work though.

      murgeroM Offline
      murgeroM Offline
      murgero
      App Dev
      wrote on last edited by
      #2

      @stoccafisso Any reason why you would want to hide the login page? If for security, just enable 2FA on the blog instead. Still very secure and will allow Cloudron to check it properly still.

      --
      https://urgero.org
      ~ Professional Nerd. Freelance Programmer. ~

      S 1 Reply Last reply
      0
      • girishG Offline
        girishG Offline
        girish
        Staff
        wrote on last edited by
        #3

        @stoccafisso Indeed, the health check URL is configured to poll /wp-login.php. We used to use the / before but that didn't work for protected blogs.

        1 Reply Last reply
        0
        • murgeroM murgero

          @stoccafisso Any reason why you would want to hide the login page? If for security, just enable 2FA on the blog instead. Still very secure and will allow Cloudron to check it properly still.

          S Offline
          S Offline
          stoccafisso
          wrote on last edited by
          #4

          @murgero As far as I know, Wordpress does have 2FA when Cloudron is in charge of user management, but I most often let Wordpress have separate user management, as I don't want a bunch of wordpress users having to create cloudron-accounts.

          There are other reasons not to use 2FA, and reasons to use it, but that is another discussion.

          @girish would it not be better to have the health check point to some other file in wordpress, other than /wp-login.php? As it is now, it actually limits users freedom to chose their own way of protecting their blog.

          1 Reply Last reply
          0
          • girishG Offline
            girishG Offline
            girish
            Staff
            wrote on last edited by
            #5

            @stoccafisso Yes, let me look into if there is any other end point we can poll instead of the admin page. Maybe we can poll some css/js asset file.

            1 Reply Last reply
            0
            • affinityA Offline
              affinityA Offline
              affinity
              wrote on last edited by
              #6

              I am also experiencing this issue. I'm guessing you are using "WPS Hide Login"? The workaround I've found is to use "Hide My WP Ghost – Security Plugin". It's not as lightweight or simple but it only changes access to the login which still allows cloudron to do its thing and change the login path effectivly. Hope that helps.

              murgeroM 1 Reply Last reply
              0
              • affinityA affinity

                I am also experiencing this issue. I'm guessing you are using "WPS Hide Login"? The workaround I've found is to use "Hide My WP Ghost – Security Plugin". It's not as lightweight or simple but it only changes access to the login which still allows cloudron to do its thing and change the login path effectivly. Hope that helps.

                murgeroM Offline
                murgeroM Offline
                murgero
                App Dev
                wrote on last edited by
                #7

                @affinity a custom .htaccess could be slapped into the wordpress directory to deny /wp-admin to unknown IP's.

                --
                https://urgero.org
                ~ Professional Nerd. Freelance Programmer. ~

                1 Reply Last reply
                0
                • nebulonN Offline
                  nebulonN Offline
                  nebulon
                  Staff
                  wrote on last edited by
                  #8

                  Ideally we would have a distinct /healthcheck route to call the app and it would report its status. As @girish mentioned we used to use / to simply check if the site/blog works, but besides non public sites, this also interfered with visitor stats on various plugins.

                  Does anyone here have any better recommendation or idea which route we could poll here?

                  murgeroM 1 Reply Last reply
                  1
                  • nebulonN nebulon

                    Ideally we would have a distinct /healthcheck route to call the app and it would report its status. As @girish mentioned we used to use / to simply check if the site/blog works, but besides non public sites, this also interfered with visitor stats on various plugins.

                    Does anyone here have any better recommendation or idea which route we could poll here?

                    murgeroM Offline
                    murgeroM Offline
                    murgero
                    App Dev
                    wrote on last edited by
                    #9

                    @nebulon xmlrpc php using a blank call?

                    --
                    https://urgero.org
                    ~ Professional Nerd. Freelance Programmer. ~

                    1 Reply Last reply
                    0
                    • nebulonN Offline
                      nebulonN Offline
                      nebulon
                      Staff
                      wrote on last edited by
                      #10

                      @murgero not really sure what you mean by this. What we need is some URL which responds with an 200 or 300 http status code. This can be anything, a HTML file other assets or a REST api. So far it seems the ones we have chosen for WordPress always have some side-effects.

                      murgeroM 1 Reply Last reply
                      0
                      • nebulonN nebulon

                        @murgero not really sure what you mean by this. What we need is some URL which responds with an 200 or 300 http status code. This can be anything, a HTML file other assets or a REST api. So far it seems the ones we have chosen for WordPress always have some side-effects.

                        murgeroM Offline
                        murgeroM Offline
                        murgero
                        App Dev
                        wrote on last edited by
                        #11

                        @nebulon Maybe use https://site-url/wp-includes/version.php it doesn't return anything, but HTTP 200 is the status of the call. Maybe worth a look.

                        --
                        https://urgero.org
                        ~ Professional Nerd. Freelance Programmer. ~

                        rmdesR 1 Reply Last reply
                        1
                        • murgeroM murgero

                          @nebulon Maybe use https://site-url/wp-includes/version.php it doesn't return anything, but HTTP 200 is the status of the call. Maybe worth a look.

                          rmdesR Offline
                          rmdesR Offline
                          rmdes
                          wrote on last edited by
                          #12

                          @murgero also thinking hitting the version file could be the best way to approach this..for some reasons the login or the / does not provide a stable way to do this...even on basic WP image without plugin interference on my case.

                          1 Reply Last reply
                          0
                          • girishG Offline
                            girishG Offline
                            girish
                            Staff
                            wrote on last edited by
                            #13

                            @murgero Thanks for your suggestion! I have put the new healthcheck url in https://git.cloudron.io/cloudron/wordpress-app/commit/45dc91cd7868bd2e66ea726f0968c4752279812e . Will push out the update slowly and see if it causes any issues

                            1 Reply Last reply
                            0
                            Reply
                            • Reply as topic
                            Log in to reply
                            • Oldest to Newest
                            • Newest to Oldest
                            • Most Votes


                            • Login

                            • Don't have an account? Register

                            • Login or register to search.
                            • First post
                              Last post
                            0
                            • Categories
                            • Recent
                            • Tags
                            • Popular
                            • Bookmarks
                            • Search