[wp-trac] [WordPress Trac] #25810: Add nonce to wp-login.php
WordPress Trac
noreply at wordpress.org
Sun Nov 3 20:25:14 UTC 2013
#25810: Add nonce to wp-login.php
-----------------------------+-----------------------------
Reporter: strangerstudios | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Keywords: dev-feedback
-----------------------------+-----------------------------
Shouldn't we have a nonce on the login page to help against automated
login attempts?
Here is a plugin that adds a nonce to the login page and also lowers the
lifetime of the login nonces to 30 seconds (vs 12-24 hours).
https://github.com/elyobo/wp-login-nonce
We might be able to pull from the plugin code and/or the idea to limit the
nonce length on login. (I haven't personally used the plugin before. The
code is straightforward enough.)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25810>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
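
A Python model of the tick-based scheme WordPress core uses for nonces (wp_nonce_tick() and wp_verify_nonce()), added here as an example and not taken from the ticket or the linked plugin. It shows why the default lifetime accepts a nonce for 12 to 24 hours and why a 30-second lifetime accepts one for 15 to 30 seconds; the key and the action name `log-in` are constructed.

```python
import hashlib
import hmac
import math

DAY = 86400  # default nonce lifetime in seconds (DAY_IN_SECONDS in WordPress)


def nonce_tick(now, life=DAY):
    """Counter that advances every life/2 seconds, as wp_nonce_tick() does."""
    return math.ceil(now / (life / 2))


def _token(tick, action, uid, key):
    # Last field is the session token, which is empty for a logged-out visitor.
    msg = f"{tick}|{action}|{uid}|".encode()
    # PHP substr($hash, -12, 10) corresponds to the slice [-12:-2].
    return hmac.new(key, msg, hashlib.md5).hexdigest()[-12:-2]


def create_nonce(action, now, key, uid=0, life=DAY):
    """uid 0 models a logged-out visitor on the login page."""
    return _token(nonce_tick(now, life), action, uid, key)


def verify_nonce(nonce, action, now, key, uid=0, life=DAY):
    """Return 1 (current tick), 2 (previous tick) or False."""
    tick = nonce_tick(now, life)
    for age, t in ((1, tick), (2, tick - 1)):
        if hmac.compare_digest(_token(t, action, uid, key), nonce):
            return age
    return False


def valid_seconds(issued_at, life, key=b"constructed-demo-key", action="log-in"):
    """Whole seconds after issue during which the nonce is still accepted."""
    nonce = create_nonce(action, issued_at, key, life=life)
    age = 0
    while verify_nonce(nonce, action, issued_at + age + 1, key, life=life):
        age += 1
    return age
```

The acceptance window depends on where in the tick the nonce was issued, which is why the lifetime is quoted as a range rather than a single value.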