Support » Plugin: Secure Hidden Login » Question, where does it post?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author apexad


    It does post to wp-login.php, there’s no need to re-invent the wheel and re-write the WordPress login process.

    However, if you enable the ‘block wp-login.php’ feature, it puts a line in the .htaccess file to block direct access to that file(it does this via referrer with exceptions for the mobile apps).

    In addition, the Login form is generated via javascript, so it does not exist on the page until the correct function is run to generate it.

    So, could someone spoof the referrer and still access wp-login.php? yes! Is this something done normally? no! So, this plugin certainly makes WordPress more Secure than normal. That’s all I can do. There are plenty of other Security plugins which specifically target bots and blocking them, this is not that plugin. The goal is to ‘Hide’ the normal site Login, and it does that very well.

    There are many common such applicatioins such as nohands-seo that do exactly that, and cost next to nothing. They are the worst kind of spammers and they spoof referrer and everything, just spamming sending post data to wp-login

    Adding a new type of captcha-like input, and passing that to the login form via javascript would be much more effective, IMO >:)

    *Know thy enemy*

    Plugin Author apexad


    Again, not going to re-write plugins that already exist, but I’ll think about integrating with some already existing login captcha plugins. Any that you recommend?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Question, where does it post?’ is closed to new replies.