[wp-trac] [WordPress Trac] #25810: Add nonce to wp-login.php

WordPress Trac noreply at wordpress.org
Mon Nov 4 16:35:33 UTC 2013


#25810: Add nonce to wp-login.php
-----------------------------+----------------------
 Reporter:  strangerstudios  |       Owner:
     Type:  enhancement      |      Status:  closed
 Priority:  normal           |   Milestone:
Component:  Security         |     Version:
 Severity:  normal           |  Resolution:  invalid
 Keywords:                   |
-----------------------------+----------------------

Comment (by adamsilverstein):

 This might just cause the bots to load each page before submitting to get
 the correct nonce, potentially increasing server load.

 It would stop the current strain of brute force attacks where bots hit the
 login page repeatedly trying common logins. If the bots had to have a
 valid nonce, they would have to load the login page before submitting
 their login attempt, potentially slowing down the process and also
 potentially increasing load on the server.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/25810#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

