Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#49068 closed defect (bug) (duplicate)

wp-login.php is available to a user after authentication

Reported by: henrywright's profile henry.wright Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords:
Focuses: Cc:

Description

A user can continue to access wp-login.php after they are authenticated if they visit example.com/wp-login.php.

Unless there is a reason why wp-login.php should be accessible if a user has already authenticated I propose we restrict access to stop a form being shown to them if they visit the page directly.

Change History (3)

#1 @ocean90
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #41533.

#2 @SergeyBiryukov
5 years ago

Hi there, thanks for the report!

We're already tracking this issue in #14949 (#41533, #48832). Also related: #47088.

#3 @henry.wright
5 years ago

Hi @SergeyBiryukov thanks for pointing out. I added a comment to the master ticket

Note: See TracTickets for help on using tickets.