[wp-trac] [WordPress Trac] #24673: provide mainline supported rename of wp-login

WordPress Trac noreply at wordpress.org
Tue Apr 1 16:06:10 UTC 2014


#24673: provide mainline supported rename of wp-login
--------------------------+----------------------
 Reporter:  jorhett       |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  Security      |     Version:  3.5.2
 Severity:  critical      |  Resolution:  wontfix
 Keywords:  close         |     Focuses:
--------------------------+----------------------

Comment (by jorhett):

 Replying to [comment:26 SergeyBiryukov]:
 > I'd argue that an authentication request is less expensive than a 404
 > error page on most sites (3 simple queries vs. 25 or more potentially
 > complex ones, depending on the theme).

 Is anyone here able to make a technical argument?  Or must you all resort
 to false dilemmas due to the lack of any other way to argue?

 1. It would be trivial to replace the current attack points with very low
 cost responses.

 2. I'd be deeply interested in seeing this reality SergeyBiryukov lives
 in, where an uncached authentication request is less expensive than an
 answer from cache. Do please do some testing before you make such a claim
 as this.

 FWIW: I will hereby take the "wontfix" action which you have supplied, and
 the contents of this thread, and turn it over to the lawyers who requested
 that reasonable efforts be taken to engage with the authors of the botnet
 host providers. You have clearly delineated that:

 1. No technical solution, only false dilemmas, will be evaluated.

 2. You have no interest in stopping this botnet.

 It has been growing for years, and this issue in particular has been open
 for nine months, and there hasn't been a single considered, thoughtful
 response on the topic. I believe you have set the stage quite well for
 liability to be applied to you.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/24673#comment:29>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

