[wp-trac] [WordPress Trac] #13118: wp-login.php and wp-admin folder location/name choice during the installation
WordPress Trac
noreply at wordpress.org
Wed Mar 13 16:58:16 UTC 2013
#13118: wp-login.php and wp-admin folder location/name choice during the
installation
-------------------------------------------------+-------------------------
Reporter: MSNexus | Owner: dd32
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: wp-login wp-admin,wordpress,secure,more |
-------------------------------------------------+-------------------------
Changes (by carlocapocasa):
* status: closed => reopened
* cc: carlocapocasa (added)
* type: feature request => enhancement
* version: 2.9.2 =>
* keywords: wp-login,wp-admin,wordpress,secure,more => wp-login wp-admin,wordpress,secure,more
* resolution: wontfix =>
Comment:
While "security by obscurity" is indeed a house of cards, it has been
confused in this thread with "obscure url", which is actually a perfectly
valid security technique that is just as good as using a password. Only
the name is similar, not the concept; "obscure URL" is equivalent to
including a security token in a REST API call.
To make it work, the obscure URL component needs to be chosen like a
strong password. Examples:
No additional security:
http://my-site.com/my-wp-admin
http://my-site.com/admin
http://my-site.com/nancy-admin
Full additional security layer:
http://my-site.com/wp-admin-1m1f9ioz8hr3qljr
http://my-site.com/admin38wtfet39nz5rubh
http://my-site.com/o1b7uv8n7twdcrpb
Of course it would be a perfectly sound management decision to keep this
on 'wontfix' to avoid the risk of breaking things or to focus the labor
elsewhere, but the commenter thinks it would be a great idea to re-evaluate
the decision in those terms and weigh it against the benefit of
having the option of using "obscure url" instead of baseauth (or
additionally), given the two provide equivalent security.
Pros of obscure url:
* Less hassle for users than baseauth, good for "friendly security"
* Can be implemented without admin access, lowers the barrier for small
companies or individual bloggers to harden their install
* Can be done in addition to baseauth and the regular login if desired
* Bots give up without trying to brute-force the login, reduces log spam
Cons of obscure url:
* Implementors need to know how to choose the URL, the same way they need
to know how to choose a strong password
* Users need to know they must keep the admin URL secret, the same way they
need to know they must not share their passwords
* The browser keeps the secret URL in history by default, so users need to
know to delete their history on public computers, just like they need to
know they shouldn't allow their passwords to be saved on public computers
* Oddly, it is not a very widely known technique except for APIs, so a
little explaining might be required along the way.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13118#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
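Added example, not part of this ticket and not WordPress code: a small Python script that applies the comment's rule ("choose the obscure URL component like a strong password") to the six URLs listed in the comment. It strips guessable dictionary words from the first path segment and estimates how many bits an attacker would still have to guess, generates a fresh slug of the same shape as the "full additional security layer" examples, and checks an incoming request path against the stored slug with a constant-time comparison, the way a REST API token is checked. The wordlist, the 64-bit threshold and all function names are assumptions of this example.

```python
import hmac
import math
import re
import secrets
import string
from urllib.parse import urlsplit

# Constructed, deliberately tiny wordlist of tokens an attacker would try first.
# A real check would use a much larger list; the entries here are just enough to
# cover the URLs quoted in the ticket comment.
GUESSABLE_WORDS = ("dashboard", "wp-admin", "admin", "login", "nancy", "wp", "my")

# Longest words first so "wp-admin" is removed before "wp" or "admin" alone.
_WORD_PATTERN = re.compile(
    "|".join(re.escape(w) for w in sorted(GUESSABLE_WORDS, key=len, reverse=True)),
    re.IGNORECASE,
)

# Minimum estimated entropy for the path secret to count as "strong" (assumption,
# in the range commonly demanded of a strong password).
STRONG_BITS = 64.0


def residual_secret(segment: str) -> str:
    """Remove dictionary words and separators; what is left is the part that
    must actually be guessed."""
    residual = _WORD_PATTERN.sub("", segment)
    return re.sub(r"[-_./]", "", residual)


def alphabet_size(text: str) -> int:
    """Size of the character set the residual is drawn from (assumes the
    attacker knows the alphabet, as with password cracking)."""
    size = 0
    if re.search(r"[a-z]", text):
        size += 26
    if re.search(r"[A-Z]", text):
        size += 26
    if re.search(r"[0-9]", text):
        size += 10
    if re.search(r"[^A-Za-z0-9]", text):
        size += 33  # printable ASCII punctuation
    return size


def entropy_bits(url: str) -> float:
    """Estimated entropy, in bits, of the first path segment of `url` after
    guessable words are stripped. 0.0 means the path adds no security."""
    segment = urlsplit(url).path.strip("/").split("/")[0]
    residual = residual_secret(segment)
    if not residual:
        return 0.0
    return len(residual) * math.log2(alphabet_size(residual))


def classify(url: str) -> str:
    """Map a URL onto the two categories used in the ticket comment."""
    return "strong" if entropy_bits(url) >= STRONG_BITS else "weak"


def new_admin_slug(prefix: str = "wp-admin-", length: int = 16) -> str:
    """Generate a slug of the same shape as the comment's strong examples:
    a recognisable prefix plus 16 random lowercase/digit characters
    (36**16, about 83 bits), drawn from the OS CSPRNG via `secrets`."""
    alphabet = string.ascii_lowercase + string.digits
    return prefix + "".join(secrets.choice(alphabet) for _ in range(length))


def path_is_secret_admin(request_path: str, secret_slug: str) -> bool:
    """Compare the first segment of a request path with the configured slug in
    constant time, exactly as a bearer token in a REST call would be compared,
    so that timing does not leak how many leading characters matched."""
    first = request_path.strip("/").split("/")[0]
    return hmac.compare_digest(first.encode("utf-8"), secret_slug.encode("utf-8"))


if __name__ == "__main__":
    examples = [  # the six URLs from the ticket comment
        "http://my-site.com/my-wp-admin",
        "http://my-site.com/admin",
        "http://my-site.com/nancy-admin",
        "http://my-site.com/wp-admin-1m1f9ioz8hr3qljr",
        "http://my-site.com/admin38wtfet39nz5rubh",
        "http://my-site.com/o1b7uv8n7twdcrpb",
    ]
    for url in examples:
        print(f"{entropy_bits(url):6.1f} bits  {classify(url):6}  {url}")
    slug = new_admin_slug()
    print("fresh slug:", slug, path_is_secret_admin(f"/{slug}/index.php", slug))
```

Run stand-alone, the three "no additional security" URLs score 0 bits (everything in them is a dictionary word) and the three "full additional security layer" URLs score roughly 83 bits each, which is the gap the comment is describing: the prefix `wp-admin-` contributes nothing, only the random tail does.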