[wp-trac] [WordPress Trac] #24673: provide mainline supported rename of wp-login
WordPress Trac
noreply at wordpress.org
Tue Apr 1 05:59:15 UTC 2014
#24673: provide mainline supported rename of wp-login
--------------------------+-----------------------
Reporter: jorhett | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: Security | Version: 3.5.2
Severity: critical | Resolution:
Keywords: close | Focuses:
--------------------------+-----------------------
Comment (by jorhett):

knutsp: The debate suffers because you have again switched tactics and now
play the offended victim.

The entire purpose of this ticket was to stop the botnet. That was the
cause for the ticket to be opened, if you were to read up. You have made
numerous claims about what will or will not improve security, and as it
turns out you have no basis for these claims (as I predicted). The debate
will not suffer by your absence ;-)

Can we now discuss actual solutions to the botnet?

Nacin: your statement "This proposal cannot be squared with having a
public API available to the world's applications to consume data from
WordPress sites." holds no water. You could quite easily have a customized
REST endpoint which is stored in the local DB and utilizes a 32-bit UTF-8
charset which would be beyond the reasonable means of most botnets, and
absolutely beyond what I have witnessed from botnets to date. The same
endpoint could be registered in any browser, tablet, etc. which needs
access. So to your point, a dashboard which uses a REST endpoint would be
EASIER to secure than your current implementation.

And back to now: the ability to shift the current login endpoint would
provide a temporary respite while you build out the REST interface...

--
Ticket URL: <https://core.trac.wordpress.org/ticket/24673#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform