wp_login_form() action URL

  • Hello.

    I am using your plugin on site with front-end login forms by using standard WP function wp_login_form(). There is certain deficiency which reveals defined private slug. It’s enough to check html source code in browser to know what kind a slug i did setup in plugin settings. In form HTML tag, the “action” attribute show it.

    Your plugin is fine if we try to hide a /wp-admin url to not be attacked but still by this deficiency there is no problem to discover his replacement.

    Is there any chance to create a random url for every instance of form which is an output of wp_login_form() function?

    Example:

    [First page loaded] <form action=”/bDx8qQTGz”>

    [Refresh] -> <form action=”/yHP8a16xTr”>

    etc.

    On sending any login form it would be a temporary redirect link to proper one from wp-admin plugin settings.

  • The topic ‘wp_login_form() action URL’ is closed to new replies.