Suggestion: access slugs or custom page to log specific roles

  • Resolved neodin

    (@neodin)


    4 years, 6 months ago

    Hello, my suggestion would be to offer an extra layer of security implemented with a conditional.
    It would be to go to “brute force / change the name of the access page / URL of the access page” and there we would offer different pages with a different login slug choosing a specific role.
    Example:
    1. “myweb.com/access” only for the administrator role (or a different role, translator).
    2. “myweb.com/aceptar” only for publisher users.
    3. “myweb.com/entry” for all other users who are not administrator or editor (the roles would be chosen with multiple selection fields to choose several and thus indicate which ones would be valid for that slug and which ones would not).
    So we would have the login divided by roles and no user who registers as a subscriber, client or types of basic-level roles of other plugins such as reservations, can access the administrator account, editor, etc.

    Another method would be to include custom pages created in the page section with their different permanent links and a login, assign a role or several to each login page and thus be able to do the same but without entering the wp-login.php.

    I think this would be a giant leap in terms of security since it would be almost impossible to guess which slug is the correct one in which the administrator is, we would be looking for a slug that does not work with the administrator and it would give an error or never find the Administrator user since he would be looking at the login of subscribers or clients, even if we told him the name and password it would be almost impossible without the slug, if we add brute force to that we would be facing a system that with few changes would be practically impregnable.
    This system is designed for multiple user registrations since by the traditional method of a single slug we can only rely on the brute force system since all users enter through the same login.
    Greetings and I hope you take this improvement into account, I think it is easy to implement and the leap in security is enormous, it would be one more layer, as important as the brute force system.

Viewing 1 replies (of 1 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Thank you for reaching out to us and providing some suggestions. I have submitted a message to the developers to investigate further your request.

    Kind regards

Viewing 1 replies (of 1 total)
  • The topic ‘Suggestion: access slugs or custom page to log specific roles’ is closed to new replies.

Tags