Opened 4 years ago
Closed 4 years ago
#51386 closed defect (bug) (duplicate)
Customized login address is visible in the comments section
Reported by: | ahmad70043 | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 5.5.1 |
Component: | General | Keywords: | needs-privacy-review |
Focuses: | Cc: |
Description
Hello
Since the WordPress admin login page is www.yourdomain.com/wp-admin by default and can be a gateway for hackers, one of the tasks to keep the website secure is to change the admin login address.
But I noticed that if we have defined in the conversations settings that the guest user must first register on the site to post a comment, in the comments section (blog and post) there will be a link for the guest user to enter, which the user can click on. This link enters the page with the login address of the LoginPress admin.
In this case, changing the address of the login page to WordPress admin is useless, because the hacker will easily find out the address by clicking on the link in the comments section.
Thanks - Ahmad Darfashi
Change History (1)
#1
in reply to:
↑ description
@
4 years ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from assigned to closed
- Summary changed from Report a bug to Customized login address is visible in the comments section
Hi there, welcome to WordPress Trac! Thanks for the ticket.
Just noting this has come up multiple times before, please see the previous discussions in #7194, #13118, #15289, #21924, #24673, #38444, #38800, #44552.
To summarize, the
wp-login.php
orwp-admin
URLs are not intended to be customizable, as that's just security through obscurity and doesn't really help with anything, so there are currently no plans to implement this in core.To improve website security, I would suggest following these general recommendations instead: