Opened 4 years ago
#52390 new enhancement
Use specific page for postpass
Reported by: | briandd | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Login and Registration | Keywords: | |
Focuses: | Cc: |
Description
Currently postpass uses wp-login.php which causes 3 problems:
1) If you want to monitor/rate/investigate logins to the site, this is mixed with postpass submissions.
2) if you want to limit access to wp-login through the webserver, this affects postpass
3) even if allow ?action=postpass to be widely accessible, "action" can be overriden via POST to login / reset passwords etc.
Since postpass is not a real website login and may be used by non-members of the site, i suggest that postpass gets its own page like /postpass.php where only postpass requests can be done.
Note: See
TracTickets for help on using
tickets.