[wp-trac] [WordPress Trac] #28798: htaccess and protected option
WordPress Trac
noreply at wordpress.org
Wed Jan 14 20:01:05 UTC 2015
#28798: htaccess and protected option
-------------------------+-----------------------
Reporter: YU.Design | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: General | Version: 4.0
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------+-----------------------
Changes (by LukeWordPress):
* status: closed => reopened
* resolution: worksforme =>
Comment:
SetEnvIf does work with Query_String. So I tried using RewriteCond
%{QUERY_STRING} action=postpass [NC] within .htaccess but unfortunately
the mod_auth module gets executed before mod_rewrite. I am back to square
one.
It would be great if post passwords are through a separate file. This
gives users the option of locking down the wp-login.php file against a
brute force attack. I understand that this is not foolproof but some
security is better than none.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28798#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list