Possible bypass to custom login URL

I found that if you add /wp-admin/customize.php to your domain it will redirect to an actual login page with your custom slug showing up as a token.

In short, as an example, this

https://www.myblogdomain/wp-admin/customize.php

send you to

https://www.myblogdomain.com/wp-login.php?itsec-hb-token=welcomebigfudge&redirect_to=http%3A%2F%2Fwww.myblogdomain.com%2Fwp-admin%2Fcustomize.php&reauth=1

Where https://www.myblogdomain/welcomebigfudge is my custom login URL.

Is this by chance a known issue? Any way to force this to the not_found page?

• This topic was modified 6 years, 11 months ago by ALDesigner.