Hide Login WordPress plugin review

Hide Login WordPress plugin

Hide Login

Hide Login is the direct ancestor of the Stealth Login WordPress plugin. Mohammad Hossein Aghanabi (parswp) tries to give it new life after Stealth Login was removed from WordPress repository as updated last time too long ago. In respect to author of original plugin Mohammad left the comment at the begin of hide-login.php file: “This is a new version of Stealth Login plugin by skullbit”. Features list is the same. Short description is available here – Stealth Login WordPress Plugin Review.
I tested new 2.1 version of Stealth Login, Ups!, excuse me, Hide Login plugin under WordPress 3.4.2. It was a pretty fresh WordPress installation. And I can say that Hide Login WordPress plugin worked well for me, but not too long. I discovered that ‘logout’ slug doesn’t lead to the real logout, just redirects to the home page, while you are still left logged in. And this bug was there in original Stealth Login plugin version 1.3 too. Why it was not fixed in the new version?
Then I turned on WordPress permalink usage. I selected ‘post name’ option. And what did I discover after I used direct logout link? I discovered that I could not login to my test blog anymore!
Conclusion: Version 2.1 of Hide Login WordPress plugin works just with empty .htaccess, as it is by default. If you change that and WordPress adds to .htaccess file some of its own rools, Hide Login WordPress plugin totally blocks your login. I do not recommend you to user Hide Login version 2.1 at the live environment as you can meet the serious troubles in a moment. You need to make only one step for that – just turn on WordPress permalink structure usage feature.
Look at the screenshot of Hide Login WordPress plugin support thread below:
Hide Login WordPress plugin support

Hide Login WordPress plugin support

Messages about critical bugs were not answered about 2 months and more. Developer could stop working on this plugin, probably. That’s a pitty, as such additional security layer could be useful for some WordPress blog owners.

  • Jason

    Thank you so much for your helpful warning Vladimir!

    This also the exact issue I had with this Hide Login plugin; it completely locked me out.

    I even went into my File Manager and deleted this plugin, but I was still locked out, so I had to contact my host and even they had difficult time fixing the problem. They had to do a backup of my recent blog, which was a headache because it was a week back backup. After I restore my site, I still had to go into my phpadmin and tediously find all the files associated with this plugin.

    One thing Vladimir, I think it will be helpful if you have a section to categorize all your top recommended plugins and those other ones you’re warning us to stay away.

    I wish I had found this before I even attempted to play with Hide Login.

    Once again, you’re proving a great honest service for us all who we can trust with information like this.

    Thank you Vladimir.

  • Thanks a lot for so good message, Jason, and for suggestion too.
    That’s a pity you had to restore your blog from backup and lose a week data.
    In case it will be useful for someone with WordPress blocked by Hide Login: this plugin could be disabled with one step – open .htaccess file at your WordPress root directory, find there ‘Hide Login’ section and remove it or restore the only .htaccess file from backup copy made before you activated Hide Login plugin.

  • mohammad hossein aghanabi

    Hide Login v3 released. check it out.

  • Thanks for pointing me on a new 3.0 version of your plugin. I will test it and make other review post.

  • My test results:
    Plugin installed and activated. Open “Hide Login Settings” page. Change something. Press “Save Changes”.
    After actions above I got fatal error:

    PHP Fatal error: Call to undefined function check_admin_referer() in /wp-content/plugins/hide-login/hide-login.php on line 81

    I added this code

    if ( !function_exists('check_admin_referer') ) {
    require_once (ABSPATH . 'wp-includes/pluggable.php');

    before line 81 and error was gone. Plugin still doesn’t work:
    – I don’t see any .htaccess output.
    – Logout link send me to the site root. But WordPress installed in a subdirectory, like http://test.my/wp-test/
    http://test.my/wp-test/wp-admin/ leads me to admin backend as always.
    Why did you insert this code

    if ( $_POST['action'] == 'hide_login_update' )

    at very begin of your plugin, but not inside ‘hideSettings()’ function?
    Before plugin activation user should edit his wp-config.php manually. But your troubleshooting instruction says
    – Just deactivate it
    Please add instruction that user should remove those 2 define(…); lines she added to wp-config.php.

  • Anyones knows how to do that with .htaccess