Plugin Author
gioni
(@gioni)
Yes id does and it will. I understand your concern, but Custom login URL is intended to reduce attack surface. It’s not a password to hide it absolutely secretly. The main protection mechanism is a set of security algorithms/rules that are implemented in the plugin. BTW the vast majority of modern email clients establish a secure and encrypted connection to email servers.
To me it seems there is not much use for an obfuscated login URL unless it can remain relatively secure. I might just as well not use the feature as it is not without its own downsides. Yes, my email client is secure in its connection to my email server, but I do not control the entire path that emails may travel to me.
Security through obscurity. 😉
Thank you for your prompt response, it is sincerely appreciated.
And thank you very much for WP Cerber, it is an outstanding plugin!
-
This reply was modified 7 years, 4 months ago by
thoraldus.
Please reconsider this request.
I too am going to disable Weekly Reports if they are to contain the obscure login url.
I appreciate the more recent, more sophisticated mechanisms for identifying malicious requests, but the most important function of WP Cerber for me is how effective it is in preventing any level of success for a username/password list brute force attack.
A large part of the effectiveness comes from the obscure login url remaining secret.
In the last 2 years, for 20 sites, no failed logon has been on the actual login url (down from 5000/week on the actual login url before WP-Cerber).
Please help me protect that obscurity.
Sanity through Obscurity!