Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    SOLVED Hiding Wordpress app login page create backup problem

    WordPress (Managed)
    wordpress
    6
    13
    230
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stoccafisso last edited by girish

      Hi all

      In wordpress app I use a plugin to hide the login page /wp-admin and /wp-login.php. Accessing these pages will then give the user a 404

      BUT, it seems cloudron is sending a form of beacon signal to the wordpress app login page, to figure out if the app is up working or not. As cloudron does not find the login page, it detect it as an error and state in the cloudron admin panel that the app is "Not responding", even though the wordpress app is running fine.

      It may look like this also prevents cloudron from creating automatic backups of the app, even if it is configured to do so. Manual backup seems to work though.

      M 1 Reply Last reply Reply Quote 2
      • M
        murgero App Dev @stoccafisso last edited by

        @stoccafisso Any reason why you would want to hide the login page? If for security, just enable 2FA on the blog instead. Still very secure and will allow Cloudron to check it properly still.

        S 1 Reply Last reply Reply Quote 0
        • girish
          girish Staff last edited by

          @stoccafisso Indeed, the health check URL is configured to poll /wp-login.php. We used to use the / before but that didn't work for protected blogs.

          1 Reply Last reply Reply Quote 0
          • S
            stoccafisso @murgero last edited by

            @murgero As far as I know, Wordpress does have 2FA when Cloudron is in charge of user management, but I most often let Wordpress have separate user management, as I don't want a bunch of wordpress users having to create cloudron-accounts.

            There are other reasons not to use 2FA, and reasons to use it, but that is another discussion.

            @girish would it not be better to have the health check point to some other file in wordpress, other than /wp-login.php? As it is now, it actually limits users freedom to chose their own way of protecting their blog.

            1 Reply Last reply Reply Quote 0
            • girish
              girish Staff last edited by

              @stoccafisso Yes, let me look into if there is any other end point we can poll instead of the admin page. Maybe we can poll some css/js asset file.

              1 Reply Last reply Reply Quote 0
              • affinity
                affinity last edited by

                I am also experiencing this issue. I'm guessing you are using "WPS Hide Login"? The workaround I've found is to use "Hide My WP Ghost – Security Plugin". It's not as lightweight or simple but it only changes access to the login which still allows cloudron to do its thing and change the login path effectivly. Hope that helps.

                M 1 Reply Last reply Reply Quote 0
                • M
                  murgero App Dev @affinity last edited by

                  @affinity a custom .htaccess could be slapped into the wordpress directory to deny /wp-admin to unknown IP's.

                  1 Reply Last reply Reply Quote 0
                  • nebulon
                    nebulon Staff last edited by

                    Ideally we would have a distinct /healthcheck route to call the app and it would report its status. As @girish mentioned we used to use / to simply check if the site/blog works, but besides non public sites, this also interfered with visitor stats on various plugins.

                    Does anyone here have any better recommendation or idea which route we could poll here?

                    M 1 Reply Last reply Reply Quote 1
                    • M
                      murgero App Dev @nebulon last edited by

                      @nebulon xmlrpc php using a blank call?

                      1 Reply Last reply Reply Quote 0
                      • nebulon
                        nebulon Staff last edited by

                        @murgero not really sure what you mean by this. What we need is some URL which responds with an 200 or 300 http status code. This can be anything, a HTML file other assets or a REST api. So far it seems the ones we have chosen for WordPress always have some side-effects.

                        M 1 Reply Last reply Reply Quote 0
                        • M
                          murgero App Dev @nebulon last edited by

                          @nebulon Maybe use https://site-url/wp-includes/version.php it doesn't return anything, but HTTP 200 is the status of the call. Maybe worth a look.

                          rmdes 1 Reply Last reply Reply Quote 1
                          • rmdes
                            rmdes @murgero last edited by

                            @murgero also thinking hitting the version file could be the best way to approach this..for some reasons the login or the / does not provide a stable way to do this...even on basic WP image without plugin interference on my case.

                            1 Reply Last reply Reply Quote 0
                            • girish
                              girish Staff last edited by

                              @murgero Thanks for your suggestion! I have put the new healthcheck url in https://git.cloudron.io/cloudron/wordpress-app/commit/45dc91cd7868bd2e66ea726f0968c4752279812e . Will push out the update slowly and see if it causes any issues

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post