Opened 3 years ago

Closed 3 years ago

#42701 closed feature request (wontfix)

admin login & user login, errors & brute force login.

Reported by: udhaya1708
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 4.9
Component: Login and Registration
Keywords:
Focuses: ui, administration, performance
Cc:

Description

Hi, developer,
The most common attack on WordPress sites is brute force against the admin login URL pages, because every hacker knows the WordPress admin login URL is www.abc.com/wp-admin.php. The only way to protect against login attacks is by using plugins, but the problem is that most of the plugins give a lot of errors and leave people unable to log in. For non-techies it is impossible to handle the login error problems.
Most people now move WordPress to PHP sites, because the only way to protect the WP admin area is by plugins. In today's life, nearly 30,000 sites are hacked per day, as reported by Wordfence and some other sites.
So, please make changes in WordPress to allow people to change and customize the URL (WP admin login URL and user login URL) without any plugin.
Thanks for changes in the future.

Change History (1)

#1 @Clorith
3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Hi there, and welcome to WordPress Trac.

You are correct that a lot of sites get targeted by brute force attacks every day. This is unfortunately not a pure WordPress issue, but something that happens against any login system out there.

Protecting against it via PHP code is quite ineffective and can cause heavy loads to a site (so bad, in fact, that they can take down your site just by a security plugin protecting against it). Even if WordPress implemented a way to move the admin area, your site would still load on every attempt at the old address.

Basically, brute force attacks should be handled by your host; they can do it at a higher level where it won't affect your site.

As for allowing you to move the admin area, this has been brought up a few times before. The problem with this is that plugins and themes rely on files within the admin area, often in ways where, if we allowed moving it, they would all break. As the fixed location isn't at its core an issue if your host puts up some safeguards, I don't see a need for it, unfortunately.
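The host-level handling described in the comment above can be sketched as a log-based check that runs outside PHP, shown here as an added example that is not part of the ticket or of WordPress itself. It assumes combined-format access logs in chronological order and the stock `/wp-login.php` endpoint; the thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format prefix: client IP, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
LOGIN_PATH = "/wp-login.php"    # assumption: stock WordPress login endpoint
MAX_POSTS = 5                   # assumption: login POSTs allowed per window
WINDOW = timedelta(seconds=60)  # assumption: sliding window length

def offenders(lines, max_posts=MAX_POSTS, window=WINDOW):
    """Return {ip: time the IP first exceeded max_posts login POSTs in window}."""
    recent = defaultdict(deque)  # ip -> login POST times still inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue             # skip malformed lines instead of failing
        ip, ts, method, path, _status = m.groups()
        if method != "POST" or path.split("?", 1)[0] != LOGIN_PATH:
            continue             # page views of the form are not attempts
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()          # drop attempts older than the window
        if len(q) > max_posts and ip not in flagged:
            flagged[ip] = when
    return flagged

def sample_log():
    """Constructed sample: one noisy client, one normal user (documentation IPs)."""
    rows = []
    for s in range(0, 16, 2):    # 8 POSTs in 14 s from 203.0.113.7
        rows.append(f'203.0.113.7 - - [01/Jan/2024:12:00:{s:02d} +0000] '
                    '"POST /wp-login.php HTTP/1.1" 200 3120')
    rows.append('198.51.100.4 - - [01/Jan/2024:12:00:05 +0000] '
                '"GET /wp-login.php HTTP/1.1" 200 2900')
    rows.append('198.51.100.4 - - [01/Jan/2024:12:00:09 +0000] '
                '"POST /wp-login.php HTTP/1.1" 302 0')
    rows.append('garbage line')
    return rows

if __name__ == "__main__":
    for ip, when in offenders(sample_log()).items():
        print(f"{ip} exceeded login rate at {when.isoformat()}")
```

The returned addresses would feed whatever blocking mechanism the host already operates, so repeated attempts are dropped before WordPress loads.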
