[wp-trac] [WordPress Trac] #51386: Report a bug

WordPress Trac noreply at wordpress.org
Thu Sep 24 06:29:29 UTC 2020

#51386: Report a bug
 Reporter:  ahmad70043    |      Owner:  (none)
     Type:  defect (bug)  |     Status:  assigned
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  5.5.1
 Severity:  normal        |   Keywords:  needs-privacy-review
  Focuses:                |
 Since the WordPress admin login page is www.yourdomain.com/wp-admin by
 default and can be a gateway for hackers, one of the tasks to keep the
 website secure is to change the admin login address.
 But I noticed that if we have defined in the conversations settings that
 the guest user must first register on the site to post a comment, in the
 comments section (blog and post) there will be a link for the guest user
 to enter, which the user can click on. This link enters the page with the
 login address of the LoginPress admin.
 In this case, changing the address of the login page to WordPress admin is
 useless, because the hacker will easily find out the address by clicking
 on the link in the comments section.

 Thanks - Ahmad Darfashi

Ticket URL: <https://core.trac.wordpress.org/ticket/51386>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list