WordPress.org

nabtron
(@nabtron)

11 months ago

Why don’t wordpress fix the bruteforce issue with wp-login.php by making its name dynamic and setup using wp-config.php?

I know there are numerous ways to harden wp against bruteforce attacks, however having a file with standard name makes it vulnerable and bots still attempt on it.

Is WP seriously thinking about this issue? What is the expected pathway?

Also same for xmlrpc.php

Viewing 1 replies (of 1 total)

Joy
(@joyously)

11 months ago

The code needs to live somewhere.
If you have a suggestion for an enhancement, you can open a ticket at https://core.trac.wordpress.org/
Search first to see if it’s already been said.

Viewing 1 replies (of 1 total)

The topic ‘Making wp-login.php dynamic’ is closed to new replies.

In: Requests and Feedback
1 reply
2 participants
Last reply from: Joy
Last activity: 11 months ago
Status: not resolved

Views