ellatrix / rename-wp-login

Rename wp-login.php
https://wordpress.org/plugins/rename-wp-login/
147 stars 71 forks

/wp-admin URL redirection #22

Open salvatorecapolupo opened 8 years ago

salvatorecapolupo commented 8 years ago

Hi,

it would be cool if I could redirect /wp-admin -> /login ("login" being my chosen string, of course).

Does this require external editing, i.e. htaccess or another redirection plugin, or could it be done in the next versions of your plugin?

Actually, if I visit mysite.it/wp-admin I see the message "You must log in to access the admin area.", and it would be better to remove it in a "clear" way.

Thanks!

richrd commented 8 years ago

Having a redirect like that would allow bots to find the new login URL instantly, and try to brute force the username and password. I'm using the plugin specifically to avoid server load from the brute forcing. If a redirect is implemented, it would be nice if it was a setting (and should probably be disabled by default).

salvatorecapolupo commented 8 years ago

Good idea, I agree with it being disabled by default for security reasons, but you need this option for some scenarios; you could protect against these attacks using many strategies (htaccess, security plugins, auto-ban strategies, etc.).

After all, please consider that, sooner or later, anyone could find that link (i.e. the /login link is likely linked from the home page).

richrd commented 8 years ago

Yeah, I totally agree that there are valid use cases for this. And also that it's not at all a foolproof security measure. Just security through obscurity.

So for the record, it's two of us in favor of an option for redirection.