[wp-trac] [WordPress Trac] #24673: provide mainline supported rename of wp-login

WordPress Trac noreply at wordpress.org
Tue Jul 2 14:36:57 UTC 2013


#24673: provide mainline supported rename of wp-login
--------------------------+----------------------
 Reporter:  jorhett       |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  Security      |     Version:  3.5.2
 Severity:  critical      |  Resolution:  wontfix
 Keywords:                |
--------------------------+----------------------
Changes (by nacin):

 * status:  new => closed
 * resolution:   => wontfix
 * milestone:  Awaiting Review =>


Comment:

 I don't think we'd want to do this. A plugin or sysadmin can do so if you
 want. There are better ways to prevent denial of service attacks (at both
 the PHP and network level) than this. Give it a few months and such bots
 will get smarter. This arms race will simply damage integrations with
 WordPress (including applications; note mark-k's note re: XML-RPC) and
 expectations of users. WordPress should not have UI options that make
 using WordPress more difficult.

 It is already difficult enough for users to remember URLs like wp-
 login.php and wp-admin, which is partially why we added /admin, /login,
 and /dashboard redirects in 3.5. And especially so if you have multiple
 installs. That would only be made worse with arbitrary locations.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/24673#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list