[wp-trac] [WordPress Trac] #24673: provide mainline supported rename of wp-login

WordPress Trac noreply at wordpress.org
Tue Apr 1 19:50:54 UTC 2014

#24673: provide mainline supported rename of wp-login
 Reporter:  jorhett       |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  Security      |     Version:  3.5.2
 Severity:  critical      |  Resolution:  wontfix
 Keywords:  close         |     Focuses:

Comment (by TobiasBg):

 jorhett, I appreciate your efforts of trying to make the internet a safer
 place, and I acknowledge your experience with botnets. I even agree that
 moving/changing the wp-login URL to something secret can help a site to
 reduce botnet attacks, if it's done right.
 However, I also think that this suggestion is no "one-size-fits-all"
 solution, and that potential issues that this could cause for
 inexperienced users far outweigh the benefits -- even if it were not a
 mandatory but an optional feature. Most sites (especially those with many
 authors/editors) just won't work with a secret login URL that no user can
 remember. They will then simply choose common URLs like "admin",
 "backoffice", or whatever, so that we are back at the initial problem.

 Due to those mentioned drawbacks, this approach simply is not suitable for
 general inclusion into the WordPress core.
 With 2FA and HTTP Auth, two popular and working mechanisms for increasing
 protection against botnets have been mentioned in this ticket. Besides
 that, there are plugins available to change the login URL, so any admin
 who is worried about botnet attacks is free to install those.

Ticket URL: <https://core.trac.wordpress.org/ticket/24673#comment:34>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list