WordPress.org

Ready to get started?Download WordPress

Forums

Stealth Login Page
A great plugin to compliment existing security measures (2 posts)

5 stars
  1. Gary Jones
    Member
    Posted 1 year ago #

    This plugin adds an additional layer of security on to the attack vector that is the standard login form.

    To be clear from the outset, your password should already be extremely strong, and unique from your accounts elsewhere online.

    As it works on security-via-obscurity, it certainly should not be relied upon in lieu of existing or other security measures (like a strong password), but it works in tandem with them.

    A great way of effectively changing the login form URL. The URL is bookmarkable, so active users can still get to the new login URL without having to remember the question and answer values. Password managers, including ones like KeePass that have an autotype, still work with the login form.

    For the technically minded, the question and answer values are sent via a GET request, so they would appear in server logs and be sniffable over wifi for non-SSL sites. However, that means it's just one more step for someone to tackle before they can try attacking the login form - and if they have access to your server logs or they are a man-in-the-middle on your wifi, you already have bigger problems.

    Tested on WP 3.6-beta1.

  2. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    I need to work on 3.6 session time-out compatibility, though. Other than that, it's fine on 3.6-beta.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.