Cookie Requirement For Admins Only

  • Resolved atlabs

    (@atlabs)


    5 years, 4 months ago

    Hello,

    People on our site are allowed to make accounts on our site but we want to implement cookie based security. It’s not realistic to have all of our customers get a special cookie so we want to only apply this security feature for admin level accounts.

    Is there a way to only apply the cookie security feature for specific accounts/roles?

    Thank you.

    • This topic was modified 5 years, 4 months ago by atlabs.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, thank you for contacting us. Unfortunately at present there is no option in our plugin to cater for what you are asking for.

    Kind regards

    Thread Starter atlabs

    (@atlabs)

    This is a feature we’d like to implement so our next approach will be to add custom code that applies for specific roles only.

    Do you have any advise on what file we’d apply custom code to so that the cookie authentication is required for specific account roles?

    Thank you.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    I have submitted a message to the developers to investigate further your request.

    Thank you

    Thread Starter atlabs

    (@atlabs)

    Hello @mbrsolution

    I wanted to follow up with this.

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi @atlabs,
    The way the current cookie based brute force feature works is that it checks the “HTTP_COOKIE” variable at the apache level and if the cookie of the visitor does not match the required values they will be prevented from accessing wp-login.php or any of the wp-admin pages.

    Your proposed feature requires that you need to know about a visitor’s wordpress account and role etc, but this information is only available at the PHP level and is not something you can get from apache directives.
    This is why I don’t think you can achieve what you are after by modifying the existing cookie feature in this plugin without creating more headaches for yourself.

    Instead you should probably look at creating an independent solution in your own separate plugin.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Cookie Requirement For Admins Only’ is closed to new replies.