CleanTalk · alexander-b-clean · Apr 22, 2026 · Apr 27, 2026 · Apr 27, 2026 · Apr 27, 2026
diff --git a/inc/spbc-firewall.php b/inc/spbc-firewall.php
@@ -46,14 +46,26 @@ function spbc_firewall__check()
 
     spbc_firewall_check_waf($firewall);
 
-    if ( class_exists('Poppyz_Core') ) { //fix poppyz plugin early start conflict
-        $GLOBALS['wp_rewrite'] = is_null($GLOBALS['wp_rewrite']) ? new WP_Rewrite() : $GLOBALS['wp_rewrite']; // Fix for early load WP_Rewrite
-    }
 
-    $login_url = wp_login_url();
+    add_action('plugins_loaded', function () {
+        if ( class_exists('Poppyz_Core') ) { //fix poppyz plugin early start conflict
+            $GLOBALS['wp_rewrite'] = is_null($GLOBALS['wp_rewrite']) ? new WP_Rewrite() : $GLOBALS['wp_rewrite']; // Fix for early load WP_Rewrite
+        }
+    }, 1);
+
+    $home_url = get_option('home');
+
+    $login_url = $home_url . '/wp-login.php';
     if ( $spbc->settings['login_page_rename__enabled'] ) {
         $GLOBALS['wp_rewrite'] = is_null($GLOBALS['wp_rewrite']) ? new WP_Rewrite() : $GLOBALS['wp_rewrite']; // Fix for early load WP_Rewrite
-        $login_url = RenameLoginPage::getURL($spbc->settings['login_page_rename__name']);
+
+        $slug            = $spbc->settings['login_page_rename__name'];
+        $using_permalink = (bool) get_option('permalink_structure', false);
+        $trailing_slash  = $using_permalink && substr(get_option('permalink_structure'), -1) === '/';
+
+        $login_url = $using_permalink
+            ? $home_url . '/' . $slug . ($trailing_slash ? '/' : '')
+            : $home_url . '/?' . $slug;
     }
 
     // Compare only the path part of URLs to avoid scheme mismatch issues
@@ -74,6 +86,8 @@ function spbc_firewall__check()
             )
         )
     );
+    // The WP_ADMIN constant may not be set yet at the mu-plugins stage.
+
 
     if (
         $spbc->settings['traffic_control__enabled'] &&

diff --git a/security-malware-firewall.php b/security-malware-firewall.php
@@ -5,7 +5,7 @@
 Plugin URI: https://wordpress.org/plugins/security-malware-firewall/
 Description: Security & Malware scan by CleanTalk to protect your website from online threats and viruses. IP/Country FireWall, Web application FireWall. Detailed stats and logs to have full control.
 Author: CleanTalk Security
-Version: 2.178
+Version: 2.178.100-dev
 Author URI: https://cleantalk.org
 Text Domain: security-malware-firewall
 Domain Path: /i18n
@@ -223,22 +223,27 @@
         // protect author login enumeration and password reset confirmation text
         $login_protector = new LoginCollectingProtector($spbc);
         $login_protector->init();
-        if ( is_admin() && spbc_is_user_logged_in() ) {
-            //do this if in admin area and user is logged in - check only admin area (WAF run)
-            if ( ! spbc_firewall_skip_check()) {
-                spbc_firewall_check_admin_area();
-            }
-
-            if ( ! spbc_firewall_skip_check_uploadchecker()) {
-                spbc_upload_checker__check();
-            }
-        } else {
-            //if not in admin area and user is not logged in - check with all modules
-            if ( ! spbc_firewall_skip_check()) {
-                spbc_firewall__check();
+    });
+    if ( is_admin() ) {
+        add_action('init', function () {
+            if ( spbc_is_user_logged_in() ) {
+                if ( !spbc_firewall_skip_check() ) {
+                    spbc_firewall_check_admin_area();
+                }
+                if ( !spbc_firewall_skip_check_uploadchecker() ) {
+                    spbc_upload_checker__check();
+                }
+            } else {
+                if ( !spbc_firewall_skip_check() ) {
+                    spbc_firewall__check();
+                }
             }
+        });
+    } else {
+        if ( !spbc_firewall_skip_check() ) {
+            spbc_firewall__check();
         }
-    });
+    }
 }
 
 // Disable XMLRPC if setting is enabled