[wp-trac] [WordPress Trac] #24673: provide mainline supported rename of wp-login
WordPress Trac
noreply at wordpress.org
Tue Apr 1 19:50:54 UTC 2014
#24673: provide mainline supported rename of wp-login
--------------------------+----------------------
 Reporter:  jorhett       |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  Security      |     Version:  3.5.2
 Severity:  critical      |  Resolution:  wontfix
 Keywords:  close         |     Focuses:
--------------------------+----------------------
Comment (by TobiasBg):
jorhett, I appreciate your efforts of trying to make the internet a safer
place, and I acknowledge your experience with botnets. I even agree that
moving/changing the wp-login URL to something secret can help a site to
reduce botnet attacks, if it's done right.
However, I also think that this suggestion is no "one-size-fits-all"
solution, and that potential issues that this could cause for
inexperienced users far outweigh the benefits -- even if it were not a
mandatory but an optional feature. Most sites (especially those with many
authors/editors) just won't work with a secret login URL that no user can
remember. They will then simply choose common URLs like "admin",
"backoffice", or whatever, so that we are back at the initial problem.
Due to those mentioned drawbacks, this approach simply is not suitable for
general inclusion into the WordPress core.
With 2FA and HTTP Auth, two popular and working mechanisms for increasing
protection against botnets have been mentioned in this ticket. Besides
that, there are plugins available to change the login URL, so any admin
who is worried about botnet attacks is free to install those.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24673#comment:34>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform