[wp-trac] [WordPress Trac] #49068: wp-login.php is available to a user after authentication
WordPress Trac
noreply at wordpress.org
Mon Dec 23 14:52:16 UTC 2019
#49068: wp-login.php is available to a user after authentication
------------------------------------+-----------------------------
Reporter: henry.wright | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version:
Severity: normal | Keywords:
Focuses: |
------------------------------------+-----------------------------
A user can continue to access wp-login.php after they are authenticated if
they visit example.com/wp-login.php.
Unless there is a reason why wp-login.php should be accessible if a user
has already authenticated I propose we restrict access to stop a form
being shown to them if they visit the page directly.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49068>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list