Closed anubisthejackle closed 6 months ago
The AlleyVate WordPress plugin has introduced a new Login_Nonce class to enhance security on the login form by adding a nonce field. This nonce implementation includes various methods for nonce initialization, validation, and error handling. The changes also include a new feature addition to the plugin's load process and corresponding tests to ensure the functionality works as expected. The nonce feature aims to mitigate CSRF and brute-force attacks, aligning with WordPress security best practices.
File Path | Change Summary
---|---
.../features/class-login-nonce.php | Added Login_Nonce class with methods for nonce handling in login forms.
.../load.php | Included new 'login_nonce' feature in the available_features function.
.../features/test-login-nonce.php | Created Test_Login_Nonce class for testing the nonce functionality in login forms.
Login_Nonce class functionality.
@anubisthejackle this is pretty close - see my comment about the log in button name, and I like your suggestion about not making the nonce name random. Let me know when that's done and I'll re-review
@kevinfodness I've added those changes now.
Summary
This PR adds a nonce to wp-login.php as described in issue #49.
Notes for reviewers
Please consider the potential overhead to the login process and the requirement for the page to be uncached when reviewing the changes.
Changelog entries
Added
Changed
Deprecated
Removed
Fixed
Security
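As an added illustration of the shape the summary describes (this is not the Login_Nonce code from the PR), a nonce field printed into the wp-login.php form and checked on the authenticate filter, together with the no-cache requirement raised in the notes for reviewers. The namespace, action name, field name, function names and error message are assumptions.

```php
<?php
// Added example, not AlleyVate's code: a login-form nonce in the shape the PR
// describes. The names below are assumptions, not identifiers from the PR.
namespace Example_Login_Nonce;

const NONCE_ACTION = 'example_login';       // assumed nonce action
const NONCE_FIELD  = 'example_login_nonce'; // assumed field name (fixed, not random)

// Print a hidden nonce field inside the wp-login.php form. The token is bound to
// the action, the visitor's session token and a time tick, so a cached copy of
// the page would hand every visitor the same, soon-stale token.
function render_nonce_field(): void {
    wp_nonce_field( NONCE_ACTION, NONCE_FIELD, false );
}
add_action( 'login_form', __NAMESPACE__ . '\render_nonce_field' );

// wp-login.php already sends no-cache headers; resending them keeps the
// requirement explicit. A full-page cache in front of WordPress must honour
// them (or exclude wp-login.php) or the nonce check will fail for real users.
function send_nocache_headers(): void {
    nocache_headers();
}
add_action( 'login_init', __NAMESPACE__ . '\send_nocache_headers' );

// Reject a wp-login.php form submission whose nonce is missing or invalid.
// Core's username/password checks run on 'authenticate' at priority 20 and
// replace an earlier WP_Error with a WP_User on success, so this check runs
// later (priority 40) and returns WP_Error regardless of what came before.
function verify_login_nonce( $user, $username, $password ) {
    // Only guard the login page; XML-RPC and REST logins pass through the same filter.
    if ( 'wp-login.php' !== ( $GLOBALS['pagenow'] ?? '' ) || '' === (string) $username ) {
        return $user;
    }
    $raw   = $_POST[ NONCE_FIELD ] ?? '';
    $nonce = sanitize_text_field( wp_unslash( (string) $raw ) );
    if ( ! wp_verify_nonce( $nonce, NONCE_ACTION ) ) {
        return new \WP_Error(
            'invalid_login_nonce',
            __( 'The login form expired. Reload the page and try again.' )
        );
    }
    return $user;
}
add_filter( 'authenticate', __NAMESPACE__ . '\verify_login_nonce', 40, 3 );
```

The returned WP_Error is rendered by wp-login.php above the form, so a user whose form was served stale (for example from a cache layer) sees a reload prompt rather than a silent failure.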