[wp-trac] [WordPress Trac] #42701: admin login & user login, errors & brute force login.
WordPress Trac
noreply at wordpress.org
Sun Nov 26 13:02:58 UTC 2017
#42701: admin login & user login, errors & brute force login.
----------------------------+----------------------------------------------
Reporter: udhaya1708 | Owner:
Type: feature | Status: closed
request | Milestone:
Priority: normal | Version: 4.9
Component: Login and | Resolution: wontfix
Registration | Focuses: ui, administration, performance
Severity: normal |
Keywords: |
----------------------------+----------------------------------------------
Changes (by Clorith):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
Hi there, and welcome to WordPress Trac.
You are correct that a lot of sites get targeted by brute force attacks
every day, this is unfortunately not a pure WordPress issue, but something
that happens against any login system out there.
Protecting against it via PHP code is quite ineffective and can cause
heavy loads to a site (so bad in fact that they can take down your site
just by a security plugin protecting against it), even if WordPress
implemented a way to move the admin area, your site would still load on
every attempt at the old address.
Basically, brute force attacks should be handled by your host, they can do
it at a higher level where it won't affect your site.
As for allowing you to move the admin area, this has been brought up a few
times before, the problem with this is that plugins and themes rely on
files within the admin area, often in ways where if we allowed moving it,
they would all break, as the fixed location isn't at its core an issue if
your host puts up some safeguards, I don't see a need for it
unfortunately.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42701#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list