Open salvatorecapolupo opened 8 years ago
richrd
commented
8 years ago Having a redirect like that would allow bots to find the new login url instantly, and try to brute force the username and password. I'm using the plugin specifically to avoid server load from the brute forcing. If a redirect is implemented, it would be nice if it was a setting (and should probably be disabled by default).
salvatorecapolupo
commented
8 years ago Good idea, I agree with disabled by default for security reasons but you need this option for some scenarios; you could protect from these attacks using many strategies (htaccess, security plugins, auto-ban strategies etc).
After all, please consider that - sooner or later - anyone could find that link, i.e. /login link is likely linked from home page).
richrd
commented
8 years ago Yeah, I totally agree that there are valid usecases for this. And also that it's not at all a fool proof security measure. Just security through obscurity.
So for the record it's two of us in favor of an option for redirection.
Hi,
it would be cool if I could redirect /wp-admin -> /login (being "login" my chosen string, of course).
This request an external editing i.e htaccess or another redirection plugin, or could be done in next versions of your plugin?
Actually if I visit mysite.it/wp-admin I can see a message "You must log in to access the admin area.", and would be better to remove it in a "clear" way.
Thanks!