{"id":63414,"date":"2013-04-15T00:36:30","date_gmt":"2013-04-15T00:36:30","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/login-nonce\/"},"modified":"2013-04-15T04:35:09","modified_gmt":"2013-04-15T04:35:09","slug":"login-nonce","status":"closed","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/login-nonce\/","author":8074682,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"","stable_tag":"trunk","tested":"","requires":"","requires_php":"","requires_plugins":"","header_name":"login-nonce","header_author":"","header_description":"","assets_banners_color":"","last_updated":"2013-04-15 04:35:09","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/elyobo\/wp-login-nonce\/blob\/master\/wp-login-nonce.zip?raw=true","header_author_uri":"","rating":0,"author_block_rating":0,"active_installs":40,"downloads":419,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":[],"tags":[],"upgrade_notice":[],"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":[],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[],"plugin_category":[],"plugin_contributors":[],"plugin_business_model":[],"class_list":["post-63414","plugin","type-plugin","status-closed","hentry","plugin_committers-elyobo"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/login-nonce.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"","raw_excerpt":"<p>A WordPress plugin to add a nonce to the login form.<\/p>\n<p>WordPress supports a limited variety of &quot;nonce&quot;, but doesn&#039;t use them on the login screen. This plugin adds a nonce here to make automated brute force attempts slower and marginally more difficult for an attacker.<\/p>\n<p>A true nonce would be more secure, but wordpress nonces can be reused, so an attacker can still make a request, get the nonce, then make multiple attempts with that nonce for as long as it remains valid. By default, WP nonces have a very long life (12 - 24 hrs), but this plugin reduces the nonce lifetime to 30 seconds on the login page to reduce this attack window.<\/p>\n<p>A more secure implementation would use one of nonces and the WP transients API to store them, removing the need for a timeout\/refresh system and making the system more secure as well; attackers would then need to make one request to the server for each login attempt, significantly slowing a brute force attack.\n<\/p>","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/63414","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=63414"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/elyobo"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=63414"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=63414"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=63414"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=63414"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=63414"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=63414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}