• Resolved wpsupacc

    (@wpsupacc)


    The hide backend url is exposed when the data export tool from wordpress is used.

    wordpress – tools – export personal data – send personal data export confirmation email.

    confirmation email received by customer shows the hidden url.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Ben Meredith

    (@benmeredithgmailcom)

    Hey @wpsupacc!

    Glad you reached out here!

    I was able to replicate what you are seeing, but I’m trying to more fully understand exactly how you see it as a problem. Correct me if I’m wrong here:

    1. Users have the ability to request an export of their personal data.
    2. In order to facilitate that, they must log into the site.
    3. In order to log into the site, they’ll need the hide backend slug
    4. That slug has to be sent to them to allow that functionality.

    What am I missing? Is there a use case for exporting personal information from a user that doesn’t need to log into the site?

    The hide backend slug is not sensitive information, it’s a simply obfuscation of the login URL.

    In fact, it’s fairly universally regarded as “not really making the site any more secure” as compared to CAPTCHAs and passwordless logins, etc. It does help users to feel like their site is more secure, but the real security happens with brute force protections, hardening of passwords, 2-Factor Authentication, and other protections.

    We’re more than happy to clarify, or to learn more about why you believe this to be a problem.

    Have a great weekend!

    Thread Starter wpsupacc

    (@wpsupacc)

    Hi,

    In fact you are absolutely right.
    There is indeed a use case.

    We have a woocommerce store and that means that users do not log in via the standard WP screen, but via the woocommerce login screen.

    We therefore only use the wp login as administrator and therefore hide the URL.

    I understand that the plugin is not suitable for achieving our goal in this case.

    I will therefore mark it as resolved.

    Thread Starter wpsupacc

    (@wpsupacc)

    Thanks for your time 🙂

    Plugin Support Ben Meredith

    (@benmeredithgmailcom)

    Sounds great. Do also know that another option is to disable the hide backend functionality of Solid Security, and still benefit from all of the other perks of securing your site.

    Have a great day!

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.