[wp-trac] [WordPress Trac] #52390: Use specific page for postpass
WordPress Trac
noreply at wordpress.org
Thu Jan 28 17:49:55 UTC 2021
#52390: Use specific page for postpass
------------------------------------+-----------------------------
Reporter: briandd | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version:
Severity: normal | Keywords:
Focuses: |
------------------------------------+-----------------------------
Currently postpass uses wp-login.php which causes 3 problems:
1) If you want to monitor/rate/investigate logins to the site, this is
mixed with postpass submissions.
2) if you want to limit access to wp-login through the webserver, this
affects postpass
3) even if allow ?action=postpass to be widely accessible, "action" can be
overriden via POST to login / reset passwords etc.
Since postpass is not a real website login and may be used by non-members
of the site, i suggest that postpass gets its own page like /postpass.php
where only postpass requests can be done.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52390>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list