Able to login even after setting Deny authentication through wp-login.php

  • Resolved manojmohandev

    (@manojmohandev)


    3 years, 7 months ago

    I had set Deny authentication through wp-login.php in Processing wp-login.php authentication requests setting. But as per documentation, it should not have authenticated my request. I was able to login without any hassle using this method. Also FYI, I have removed all IP from whitelist as well.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author gioni

    (@gioni)

    No worries, that’s normal. It’s possible because the actual URL of the login form on the wp-login.php page is your configured custom login URL (you can see in HTML). So you technically had logged in through your custom login URL as it has to be. But any attempt to log in through the default wp-login.php URL will be denied. Actually, this feature was created to catch bots that mounting brute-force attacks, not humans. In this regard, it works perfectly.

    I think we should improve this confusing humans behavior so the form will use the default login URL, not the configured one.

    Thread Starter manojmohandev

    (@manojmohandev)

    I can see the form action (html form action) itself has been modified to custom login url. I think for this feature, it would have been better to have one more check to disallow authentication whenever wp-login.php is on the referrer as well.

    I think we should improve this confusing humans behavior so the form will use
    the default login URL, not the configured one.

    It would be better.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Able to login even after setting Deny authentication through wp-login.php’ is closed to new replies.