[wp-trac] [WordPress Trac] #25810: Add nonce to wp-login.php
WordPress Trac
noreply at wordpress.org
Mon Nov 4 16:35:33 UTC 2013
#25810: Add nonce to wp-login.php
-----------------------------+----------------------
 Reporter:  strangerstudios  |       Owner:
     Type:  enhancement      |      Status:  closed
 Priority:  normal           |   Milestone:
Component:  Security         |     Version:
 Severity:  normal           |  Resolution:  invalid
 Keywords:                   |
-----------------------------+----------------------
Comment (by adamsilverstein):
This might just cause the bots to load each page before submitting to get
the correct nonce, potentially increasing server load.
It would stop the current strain of brute force attacks where bots hit the
login page repeatedly trying common logins. If the bots had to have a
valid nonce, they would have to load the login page before submitting
their login attempt, potentially slowing down the process and also
potentially increasing load on the server.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25810#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software