9 Comments

  1. Andre

    No security issue here….

    Report

  2. Mic Sumner

    Hello,

    Would this only detect /wp-login.php or /wp-admin/ ? Also, WordPress powers a 1/3 of the internet, so wouldn’t be an issue to use the plugin! ๐Ÿ˜Š

    Kind regards,
    Michael

    Report

    • Jeff Chandler

      I know it detects wp-admin but I’m not sure about wp-login.php. I haven’t tested it on a site that has the meta tag generator disabeled or hidden.

      Report

      • Dan

        In one case I’ve tested using the WPS Hide Login plugin, this extension does nothing. However, the author notes on his site that there are some checks the extension makes beyond the generator tag, so I’ve sent him a question about that.

        Security by obscurity is not deep security , but changing these well-known defaults is a cheap way to abate some trouble and unnecessary server load.

        Report

  3. Harith

    This won’t be abused at all. Nope.

    Report

    • Martin

      Scriptkiddies have been doing that for as long as there have been CMS.

      This is an extension for people unable to use bookmarks and/or services like what the CMS.

      Report

  4. Gregory

    It doesn’t work if a custom login page has been configured and access to the wp-login.php file is blocked. It also makes no sense to detect CMS by relying on the “generator” meta tag because it can contain false information or be hidden.

    Report

Comments are closed.

%d bloggers like this: