WordPress.org
Get WordPress

Making WordPress.org

Changes between Initial Version and Version 1 of Ticket #5093, comment 33


Ignore:
Timestamp:
05/06/2021 10:02:02 AM (4 years ago)
Author:
anonymized_14808221
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #5093, comment 33

    initial v1  
    3030Finally, posting an URL that the OP shared in our reply to the OP is (IMO) a plain simple no-go. We should always anonymise and never directly copy paste the OP's URLs.
    3131That is simply good practice I believe.
    32 Public Urls ''can'' in fact be a minor security issue. What if I mistakenly post my ''customised'' login URL? While security thru obscurity is not a ''solution'', it is ''part of a solution'' (because since the WP login Urls are widely known, renaming them can have a huge impact on brute force bots, because they would not know my customised login url. Publicly sharing them would effectively "destroy" this (tiny) measure. Mainly thou I think it is just a form of respect to not copy-paste in replies the URL shared by Users (specially, if that URL was only part of the "I need help with" field.
     32Public Urls ''can'' in fact be a minor security issue. What if I mistakenly post my ''customised'' login URL? While security thru obscurity is not a ''solution'', it is ''part of a solution'' (because since the WP login Urls are widely known, renaming them can have a huge impact on brute force bots, because they would not know my customised login url).
     33Publicly sharing these customised login urls would effectively "destroy" this (tiny) measure.
     34
     35Mainly thou I think it is just a form of respect to not copy-paste in replies the URL shared by Users. Especially, if that URL was part of the "I need help with" field.
    3336
    3437I hope this helps and sorry the long-ish post, and of course, this is mostly based on my opinion and experience. Not trying to force it on anyone ;)