[wp-trac] [WordPress Trac] #32373: Allow For execution of code before login processing
WordPress Trac
noreply at wordpress.org
Thu May 21 02:17:28 UTC 2015
#32373: Allow For execution of code before login processing
--------------------------------------------+------------------------------
Reporter: Another Guy | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: dev-feedback 2nd-opinion close | Focuses:
--------------------------------------------+------------------------------
Comment (by Another Guy):
Sadly, Cloudflare (and other similar services) generally will not allow
you to outrightly block people, only require them to answer a captcha or
similar to approve themselves. it's also almost impossible to automated
it, requiring manual intervention.
Just to give you the scope of the issue, using a log file that logs a
single line:
201.46.50.xx / 188.114.98.xx - http://domain.com/wp-login.php - wp-login
detect
I have had to reset the log file twice, with over 50 MEG of log entries
for a single MU installation. At about 10 entries per 1K of file size,
you can start to understand the scale of the issues at hand. Being able
to process that many requests BEFORE the core of wordpress is started
(including all the database connections and all) has a significant
positive impact on server load. So having those hooks available so that
significantly hardened security can be put in place without having to hack
core code is a very good and positive thing.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32373#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list