rename-wp-login icon indicating copy to clipboard operation
rename-wp-login copied to clipboard

Published 20 hours ago verified publisher icon ellatrix

/wp-admin URL redirection

Open salvatorecapolupo opened this issue 8 years ago • 3 comments

Hi,

it would be cool if I could redirect /wp-admin -> /login (being "login" my chosen string, of course).

This request an external editing i.e htaccess or another redirection plugin, or could be done in next versions of your plugin?

Actually if I visit mysite.it/wp-admin I can see a message "You must log in to access the admin area.", and would be better to remove it in a "clear" way.

Thanks!

salvatorecapolupo avatar Sep 19 '16 09:09 salvatorecapolupo

Having a redirect like that would allow bots to find the new login url instantly, and try to brute force the username and password. I'm using the plugin specifically to avoid server load from the brute forcing. If a redirect is implemented, it would be nice if it was a setting (and should probably be disabled by default).

richrd avatar Sep 19 '16 11:09 richrd

Good idea, I agree with disabled by default for security reasons but you need this option for some scenarios; you could protect from these attacks using many strategies (htaccess, security plugins, auto-ban strategies etc).

After all, please consider that - sooner or later - anyone could find that link, i.e. /login link is likely linked from home page).

salvatorecapolupo avatar Sep 19 '16 14:09 salvatorecapolupo

Yeah, I totally agree that there are valid usecases for this. And also that it's not at all a fool proof security measure. Just security through obscurity.

So for the record it's two of us in favor of an option for redirection.

richrd avatar Sep 20 '16 08:09 richrd