[wp-trac] [WordPress Trac] #51386: Report a bug
WordPress Trac
noreply at wordpress.org
Thu Sep 24 06:29:29 UTC 2020
#51386: Report a bug
--------------------------+----------------------------------
Reporter: ahmad70043 | Owner: (none)
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.5.1
Severity: normal | Keywords: needs-privacy-review
Focuses: |
--------------------------+----------------------------------
Hello
Since the WordPress admin login page is www.yourdomain.com/wp-admin by
default and can be a gateway for hackers, one of the tasks to keep the
website secure is to change the admin login address.
But I noticed that if we have defined in the conversations settings that
the guest user must first register on the site to post a comment, in the
comments section (blog and post) there will be a link for the guest user
to enter, which the user can click on. This link enters the page with the
login address of the LoginPress admin.
In this case, changing the address of the login page to WordPress admin is
useless, because the hacker will easily find out the address by clicking
on the link in the comments section.
Thanks - Ahmad Darfashi
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51386>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list