WordPress.org

Make WordPress Core

Opened 5 months ago

#52390 new enhancement

Use specific page for postpass

Reported by: briandd Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords:
Focuses: Cc:

Description

Currently postpass uses wp-login.php which causes 3 problems:

1) If you want to monitor/rate/investigate logins to the site, this is mixed with postpass submissions.

2) if you want to limit access to wp-login through the webserver, this affects postpass

3) even if allow ?action=postpass to be widely accessible, "action" can be overriden via POST to login / reset passwords etc.

Since postpass is not a real website login and may be used by non-members of the site, i suggest that postpass gets its own page like /postpass.php where only postpass requests can be done.

Change History (0)

Note: See TracTickets for help on using tickets.