[wp-trac] [WordPress Trac] #24673: provide mainline supported rename of wp-login
WordPress Trac
noreply at wordpress.org
Tue Apr 1 02:39:49 UTC 2014
#24673: provide mainline supported rename of wp-login
--------------------------+-----------------------
 Reporter:  jorhett       |       Owner:
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:
Component:  Security      |     Version:  3.5.2
 Severity:  critical      |  Resolution:
 Keywords:                |     Focuses:
--------------------------+-----------------------
Comment (by nacin):

At some point fairly soon, there's going to be a proper REST API to
replace the existing XML-RPC API. Both of them require centralized
authentication. Over time, a new API is going to be full-featured, and
it'll eventually probably power the WordPress dashboard. This proposal
cannot be squared with having a public API available to the world's
applications to consume data from WordPress sites.

Us playing "pin the tail on the login page" is a terrible experience
that's going to keep users out as much as bots. It's not something we're
going to add to WordPress core. If you want to actually be more secure,
stop screwing around with hiding public URLs and add real two-factor
authentication to your site.

Yes, WordPress is a huge target. We're very cognizant of that. But this
isn't something we're going to add to WordPress core. We have a rich
plugin architecture for exactly this purpose. There's nothing wrong with
discussion continuing here, but the ticket can remain closed for that to
happen.

I would much rather work out a way to bake in two-factor authentication
(with what second factor, I don't know) or some prevention of brute-force
attacks. This has been previously proposed at #24193, but is really,
really difficult to get right at the application level; it should really
be solved at the network/host level instead. Improving the security of
sites is a big challenge but this one is not happening.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/24673#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform