Hidden login page not so hidden

  • Resolved Pascal T

    (@mrbalou06)


    5 months, 4 weeks ago

    the plugin seems to works ok … BUT the new and overriden login page URL appears clearly moving the mouse over the default recover forgotten password link on the homepage of each site where it is available in the user login section. This has to be improved for a better security as trivial to be found.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support MaximeWPS

    (@seinomedia)

    Hello,

    Thanks for using WPS Hide Login.

    If someone requests a lost password, it means he already knows the login page address, isn’t it ?

    Thread Starter Pascal T

    (@mrbalou06)

    Hello,

    Nope, as the form to login is present directly on homepage, as users accessing to the private part of the website – for members – need it to connect. By moving the mouse over the “Lost password” link shows the hidden login url as follows :

    http(s)://sitename/<hidden login url>/?action=lostpassword

    Plugin Support MaximeWPS

    (@seinomedia)

    But WPS Hide Login is useless if the login URL or a form is reachable in front.

    This plugin hides the login URL to prevent from brute force attacks. If your website enables to connect, it’s useless.

    Thread Starter Pascal T

    (@mrbalou06)

    @seinomedia ,

    understood, at the beginning, I was not sure the login for users and admin used the same form or code. You’re right and I appreciate your support and quick responses. We use a private area and we need to allow users to connect to this area. So I have to find another way to secure logins. thanks for your help. I close the topic, no need to keep it open.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.