The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

Secure Hidden Login
[resolved] Question, where does it post? (4 posts)

  1. Jason
    Posted 3 years ago #

    Where does the username/password post to?
    Id the login still posting to wp-login.php?

    Even if the form is gone, that won't stop bots.


  2. apexad
    Plugin Author

    Posted 3 years ago #

    It does post to wp-login.php, there's no need to re-invent the wheel and re-write the WordPress login process.

    However, if you enable the 'block wp-login.php' feature, it puts a line in the .htaccess file to block direct access to that file(it does this via referrer with exceptions for the mobile apps).

    In addition, the Login form is generated via javascript, so it does not exist on the page until the correct function is run to generate it.

    So, could someone spoof the referrer and still access wp-login.php? yes! Is this something done normally? no! So, this plugin certainly makes WordPress more Secure than normal. That's all I can do. There are plenty of other Security plugins which specifically target bots and blocking them, this is not that plugin. The goal is to 'Hide' the normal site Login, and it does that very well.

  3. Jason
    Posted 3 years ago #

    There are many common such applicatioins such as nohands-seo that do exactly that, and cost next to nothing. They are the worst kind of spammers and they spoof referrer and everything, just spamming sending post data to wp-login

    Adding a new type of captcha-like input, and passing that to the login form via javascript would be much more effective, IMO >:)

    *Know thy enemy*

  4. apexad
    Plugin Author

    Posted 3 years ago #

    Again, not going to re-write plugins that already exist, but I'll think about integrating with some already existing login captcha plugins. Any that you recommend?

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.