WordPress.org

Make WordPress Core

Changes between Version 1 and Version 2 of Ticket #24673, comment 22


Ignore:
Timestamp:
04/01/2014 06:36:46 AM (7 years ago)
Author:
iseulde
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #24673, comment 22

    v1 v2  
    1 1. I made this plugin primarily because I wanted a custom login url and, secondly, because one small hosting company in Belgium decided to block wp-login.php with a Captcha (I'm sure there are others). I have zero experience with security, and the reasons I made this plugin have more to with aesthetics than security.
     11. I made this plugin primarily because I wanted a custom login url and, secondly, because one small hosting company in Belgium decided to block wp-login.php with a Captcha (I'm sure there are others). I have zero experience with security, and the reasons I made this plugin have more to do with aesthetics than security.
    22
    332. While this plugin *should* make it impossible to get to the login page without "a second password" (because that's what it really is, how simple it may be), there are some other APIs that could be attacked instead, such as xmlrpc.php. Renaming things like that would just cripple your WordPress install. And if you don't need it, you can simply turn it off as an administrator. As nacin said, a lot more public APIs are going to be introduced.