Changes between Version 1 and Version 2 of Ticket #24673, comment 22
- Timestamp:
- 04/01/2014 06:36:46 AM (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #24673, comment 22
v1 v2 1 1. I made this plugin primarily because I wanted a custom login url and, secondly, because one small hosting company in Belgium decided to block wp-login.php with a Captcha (I'm sure there are others). I have zero experience with security, and the reasons I made this plugin have more to with aesthetics than security.1 1. I made this plugin primarily because I wanted a custom login url and, secondly, because one small hosting company in Belgium decided to block wp-login.php with a Captcha (I'm sure there are others). I have zero experience with security, and the reasons I made this plugin have more to do with aesthetics than security. 2 2 3 3 2. While this plugin *should* make it impossible to get to the login page without "a second password" (because that's what it really is, how simple it may be), there are some other APIs that could be attacked instead, such as xmlrpc.php. Renaming things like that would just cripple your WordPress install. And if you don't need it, you can simply turn it off as an administrator. As nacin said, a lot more public APIs are going to be introduced.