[wp-trac] [WordPress Trac] #24673: provide mainline supported rename of wp-login
WordPress Trac
noreply at wordpress.org
Tue Jul 2 14:36:57 UTC 2013
#24673: provide mainline supported rename of wp-login
--------------------------+----------------------
Reporter: jorhett | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 3.5.2
Severity: critical | Resolution: wontfix
Keywords: |
--------------------------+----------------------
Changes (by nacin):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
I don't think we'd want to do this. A plugin or sysadmin can do so if you
want. There are better ways to prevent denial of service attacks (at both
the PHP and network level) than this. Give it a few months and such bots
will get smarter. This arms race will simply damage integrations with
WordPress (including applications; note mark-k's note re: XML-RPC) and
expectations of users. WordPress should not have UI options that make
using WordPress more difficult.
It is already difficult enough for users to remember URLs like wp-
login.php and wp-admin, which is partially why we added /admin, /login,
and /dashboard redirects in 3.5. And especially so if you have multiple
installs. That would only be made worse with arbitrary locations.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24673#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list