Open StudioZut opened 1 month ago
This module seems lightweight enough. The /user/register
page is already not available to anonymous users, but the /user/login
page and the password reset are, so having those moved somewhere else makes sense.
It doesn't look like bots are trying to scan admin pages, plus those are firmly locked down, so for round 1 I'd recommend leaving those as-is (plus I think there may be headaches associated with altering them). Once the module is installed, it's easy enough to add more routes to it in the admin area, and we can re-assess.
Ok, this is up and ready for review/discussion at https://pr-1189-wriflagship.pantheonsite.io
I've changed the /user
paths to be /wri-user
instead. This is configurable here:
https://pr-1189-wriflagship.pantheonsite.io/admin/config/system/rename-admin-paths
This change will affect not only the url for the login (which will now be /wri-user/login
) and the password reset (/wri-user/password
) but will also change the user paths when you're logged in. See https://pr-1189-wriflagship.pantheonsite.io/admin/people.
Therefore, rolling out this change will mean letting all the users who currently log in at /user/login
on Flagship and the IOs know that the login url has changed. I hesitate to put that information anywhere on the /user
error pages themselves (right now they 404) or do a redirect because it could allow bots to find the new login page.
I didn't change the /admin
path for now.
Let's discuss what the rollout plan for this could look like.
No blocker to deploying the module - because WRI admins can enable after notifying editors.
Note: We will just enable this per-site, not set the value and let the WRI team do it.
This is enabled on Develop, but no paths are overwritten: https://develop-wriflagship.pantheonsite.io/admin/config/system/rename-admin-paths
looks good @mariacha
Assess renaming the login/admin path for platform sites. Suggested module: https://www.drupal.org/project/rename_admin_paths