[wp-trac] [WordPress Trac] #24673: provide mainline supported rename of wp-login

WordPress Trac noreply at wordpress.org
Mon Mar 31 22:48:22 UTC 2014


#24673: provide mainline supported rename of wp-login
--------------------------+----------------------
 Reporter:  jorhett       |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  Security      |     Version:  3.5.2
 Severity:  critical      |  Resolution:  wontfix
 Keywords:                |     Focuses:
--------------------------+----------------------

Comment (by jorhett):

 Replying to [comment:11 nacin]:
 > Aside from the raw benefits or drawbacks of the ability to move wp-
 login.php (which I find are limited and plentiful, respectively), adding
 an option would go against most of our philosophies outlined at
 http://wordpress.org/about/philosophy/, including "decisions, not
 options," "striving for simplicity", and "design for the majority".

 A login page URL at an expected location for a given user community is
 simpler than one which is forced upon them and inconsistent with their
 site design. I see no value that every wordpress site should be the same
 as every other.

 And for "design for the majority" if you mean "design for the majority of
 wordpress sites to be hacked" then yes, you have succeeded. You are the
 *ONLY* CMS that has your own Botnet. Yes, you are a leading CMS but you
 are the absolutely world leader with no competition in hacked sites.

 The goal here is to allow people to avoid the super-simple attack script
 which has turned wordpress sites world over into a botnet army used
 repeatedly to attack others. To invalidate the 90k hits per day on average
 received on each and every wordpress site trying to find password
 combinations.

 This is a very simple problem with many elegant solutions, but you won't
 consider them. I'm curious about when you'll be named as a defendant by
 one of your victims.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/24673#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list