Another major update with a short delay, I appreciate that, don’t you? And only 2 new features, one of which is just an option for an existing module, and that module is also a standalone plugin now.
SecuPress 2.5
Makeshift — this is not a “Mark” this time —, does exist only in Earth-38264 universe and has been made by Tony with scraps here and there when his manor was attacked by A.I.M. (Advanced Idea Mechanics).
Ironman in Makeshift
The idea of this version, which was only supposed to be 2.4.1 because it contained some non-critical fixes, has finally evolved into a major 2.5 with the slight modification of the Move Login module (aka Move Login, we’ll talk about it right after), coloured notifications in plugins and the addition of a Honeypot option in this same module.
Right after
A little background. The idea of the Move Login module doesn’t belong to anyone; the idea of moving, hiding, or making the login page secret has existed since authentication first appeared on the web. But the way it’s implemented is more personal.
Grégory Viguier created the plugin “SF Move Login” back in 09/2013 which modifies the .htaccess file of your website under Apache to redirect on an error, another page or the good one.
old banner
3 years later, I implement this module in SecuPress 1.0, then in v1.3.1 in august 2017, I recode the dev to remove the need of modifying the .htaccess, everything is done inPHP.
And now, in november 2025, the plugin “SF Move Login” becomes “SP Move Login” thanks to Greg who lead it to me after 3 years without updates.
I keep Greg’s idea of the old car and its trailer 🙂 Blender Render or IA? I’ll let you guess.
So I modify his plugin to include my way of doing things, with the SecuPress UI Style (but Blue instead of Green) and I handle a seamless migration between SP Move Login v2.6 or SecuPress 2.5, any of these 2 knows how to migrate the data 😉
move login 2.6
Honeypot
A Honeypot is a page designed to trick an attacker into thinking they’ve succeeded when they shouldn’t have. In this case, it’s the login page; we will use the default WordPress page (really need a screenshot?). Once the login attempt is launched, their IP address is instantly banned. Bingo.
Le pot de miel
Small details, this option is only available with Expert mode enabled (see SecuPress v2.3) and if your site only got Administrator accounts.Why ? Because every other person will still try to login on wp-login.php or /wp-admin/ and they will hav the login page, even if it’s an error, so they will be banned? Clients of yours? Imagine the frustration (and my support !), so this is why.
Color Code
A new, simple option in the plugins and themes menu (below the vulnerable plugin detection module) allows you to add color-coded notices indicating when an update has been available. These can help you prioritize updates. This was a customer request.
colored notices
IMP
I mean “Improvements“, not Imp 😈.
The first thing you’ll notice is the dashboard widget, which finally has a proper look, a “design” as best I could, with Claude’s help to make it look clean. And at the same time, this data is now displayed monthly, and a graph (which can be disabled) lets you see the progress for each type of attack blocked.
widget!
The other improvement comes from Move Login and may still interest you, because it now displays the other slugs of pages that should not be found. I don’t allow you to configure them; it’s almost useless, even if Greg’s version did it. We’ll see if I change my mind with feedback from people who use it!
movelogin sp
FIX
* Fixed: JavaScript error when the Antispam Comment Timer module is active
* Fixed: Fixed custom role validity in some cases
* Fixed: Warning regarding the undefined SECUPRESS_INSTALLED_MUPLUGINS constant
* Fixed: Warning when our remote database is inaccessible
* Fixed: Unable to update passwords when Passwordless is active, even if your role is not targeted or if module activation has not yet been validated
* Fixed: Unable to open change logs in the iframe popup of the plugins.php page when the “Prevent actions on plugins” option is enabled.
A 2.6 version is therefore in development and contains what was planned for 2.5: login blocking via geolocation, and a 2.7 version with AI is coming for better malware detection.</spoiler> See you in a month, or in January then?
