[wp-trac] [WordPress Trac] #34925: 4.4 wp-login.php: no longer possible to use the login_post scheme
WordPress Trac
noreply at wordpress.org
Wed Dec 9 04:05:32 UTC 2015
#34925: 4.4 wp-login.php: no longer possible to use the login_post scheme
------------------------------------+-----------------------------
Reporter: jamescollins | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 4.4
Severity: normal | Keywords:
Focuses: |
------------------------------------+-----------------------------
As of WordPress 4.4, the WordPress login screen uses `wp_login_url()` as
the form action when logging in.
In WordPress 4.3.1 and older, this was using `site_url( 'wp-login.php',
'login_post' )`.
`wp_login_url()` assumes the scheme is `login`, which means it is no
longer possible to filter for the `login_post` scheme and override where
WordPress's login form submits to.
This change was introduced in [34213] as part of #31495.
I understand the logic behind the above change, but it does seem to be a
regression because it means that the `login_post` scheme can't be used.
This issue affects WP Engine in particular, as they filter the
`login_post` URL as part of their brute force login protection.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34925>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list