WordPress.org

Make WordPress Core

Opened 14 months ago

Closed 14 months ago

Last modified 14 months ago

#49068 closed defect (bug) (duplicate)

wp-login.php is available to a user after authentication

Reported by: henry.wright Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords:
Focuses: Cc:

Description

A user can continue to access wp-login.php after they are authenticated if they visit example.com/wp-login.php.

Unless there is a reason why wp-login.php should be accessible if a user has already authenticated I propose we restrict access to stop a form being shown to them if they visit the page directly.

Change History (3)

#1 @ocean90
14 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #41533.

#2 @SergeyBiryukov
14 months ago

Hi there, thanks for the report!

We're already tracking this issue in #14949 (#41533, #48832). Also related: #47088.

#3 @henry.wright
14 months ago

Hi @SergeyBiryukov thanks for pointing out. I added a comment to the master ticket

Note: See TracTickets for help on using tickets.