wpdotnet-sdk icon indicating copy to clipboard operation
wpdotnet-sdk copied to clipboard

Published 20 hours ago verified publisher icon iolevel

[Feature] protect login page

Open 3GDXC opened this issue 3 years ago • 1 comments

it would be good if you could change/protect/hide the login page via a configuration option; without the need to change source. IMHO this is something needed for security; maybe event placing the page behind a secured ASP.NET authenticated area could be an option have a user given TWO usernames/passwords ?

3GDXC avatar Sep 09 '20 23:09 3GDXC

That is a nice feature. Currently, you can protect the wp-login.php page with ASP.NET Core Authentication services and authentication middleware, or something like

app.Use((ctx, next) => {
      if (!ctx.Context.User.Identity.IsAuthenticated) {
        ctx.Context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
      } else {
          next(ctx);
      }
}

eventually with the check for Request URL and redirecting to a sign in page.

This can be built in wpdotnet, just not sure for now, how to make it nicely

jakubmisek avatar Sep 10 '20 08:09 jakubmisek