Security of iFrame Login

  • Resolved cgl102770

    (@cgl102770)


    7 years, 1 month ago

    Note – I didnt want to link to my clients page since I dont want to draw any more attention to it. Buildium is the vendor my clients using.

    I have a client who is a landlord. He has a WordPress site, (with SSL and the Wordfence plugin) where renters can log in and pay rent.

    The login is an iframe of a page from Buildium.com. Buildium is an online app that helps landlords manage properties, accept rent, etc.

    A few times a week I get a ‘site lockout notification’, meaning hackers are trying to break into the site. Im thinking since it has ‘rents’ in the title, hackers think they can break in and steal funds.

    I’m thinking that, even if hackers do break into the wordpress site, theyd still have to hack the buildium log in, which is iframed in from the buildium site. So, as long as buildium has strong security, my client is safe. I’m writing here to see if that assumption is correct.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Correct. Buildium is a separate site, so the WP login is totally separate.

    Thread Starter cgl102770

    (@cgl102770)

    Ok, thank you. Just to be clear, are you saying that the vulnerability of the Buildium login is the same whether it is iframed somewhere else or not? I think that’s what you meant but just wanted to be sure. I appreciate your feedback.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    he vulnerability of the Buildium login is the same whether it is iframed somewhere else or not?

    Yes.

    Thread Starter cgl102770

    (@cgl102770)

    Great, thank you.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Security of iFrame Login’ is closed to new replies.