Support » Plugin: Hide Login+ » hide-login has url vulnerability/hack

Viewing 5 replies - 1 through 5 (of 5 total)
  • esmi

    (@esmi)

    Forum Moderator

    So not a security issue, per se, but more of a “this plugin doesn’t hide the login 100%”, yes?

    Sure, you could look at it that way. I say security/hack because if someone has a really plain login scheme:
    http://www.example.com/f

    one would simply find it. But to what you said, yea, it does not hide it 100%.

    esmi

    (@esmi)

    Forum Moderator

    Sorry for the semantics. I’m not associated with the plugin in any way but we take report of plugins (say) exposing XSS-scripting holes very seriously and try to act quickly to remove such plugins and notify the authors. In this case it’s more that the plugin isn’t doing its job properly – which, I agree, is an issue for the plugin’s author & users but has no practical impact on WordPress security in general.

    As I’ve now effectively de-railed your topic, I will happily close this one if you want to post a fresh topic for the plugin author’s attention. But I’d be grateful if you would keep words like “hack” and “vulnerability” out of the topic’s subject. Otherwise, another forum mod like myself might become concerned and start checking all over again.

    Your call..

    Touche, and dully noted. The Dude abides 🙂

    Plugin Author parswp

    (@parswp)

    Please check new version. every thing should work fine.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘hide-login has url vulnerability/hack’ is closed to new replies.