WordPress.org

Ready to get started?Download WordPress

Forums

How secure is wp-login (with HTTP POST) + cross-domain login (3 posts)

  1. Janneke Van Dorpe
    Member
    Posted 1 year ago #

    As far as I can see user credentials entered on wp-login.php are just sent with an HTTP POST request. Does WordPress do anything else to make logging in more secure?

    If credentials are just sent with a plain text HTTP POST request, then sending this information from a different domain is the same, right? So with a shared user table I could just log the user in on both domains. Is this in any way less secure?

    I'm not asking if it's the most secure way, just wondering if it's as secure as logging in on a WordPress install without SSL enabled. WordPress.org and WordPress.com don't use SSL either...

    [ Moderator note: duplicate topic deleted. You are already in the correct place for this question. ]

  2. Give this Codex article a read, it may help you get a handle on using SSL.

    http://codex.wordpress.org/Administration_Over_SSL

    This may also help you with hardening your WordPress installation.

    http://codex.wordpress.org/Hardening_WordPress

    And if you're really concerned with someone brute force hacking your login (and that's a valid concern too especially if you're not using a good login/password combination) give these a read as well.

    http://codex.wordpress.org/Brute_Force_Attacks

  3. Janneke Van Dorpe
    Member
    Posted 1 year ago #

    Hey Jan,

    Thanks for your response, but I wasn't really asking about how to use SSL or about brute force attacks. I'm just wondering if sending a post request with the username and password to a different domain is as secure as the same post request to the same domain, just like it now happens in a normal WordPress install.

    Most WordPress websites don't use SSL and even if you do, you're not protected from brute force attacks, right? That's a different matter.

Topic Closed

This topic has been closed to new replies.

About this Topic