Title: Question, where does it post? Last modified: August 20, 2016 --- # Question, where does it post? * Resolved [Jason](https://wordpress.org/support/users/larceniii/) * (@larceniii) * [13 years, 5 months ago](https://wordpress.org/support/topic/question-where-does-it-post/) * Where does the username/password post to? Id the login still posting to wp-login. php? * Even if the form is gone, that won’t stop bots. * [http://wordpress.org/extend/plugins/secure-hidden-login/](http://wordpress.org/extend/plugins/secure-hidden-login/) Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [apexad](https://wordpress.org/support/users/apexad/) * (@apexad) * [13 years, 5 months ago](https://wordpress.org/support/topic/question-where-does-it-post/#post-3317802) * It does post to wp-login.php, there’s no need to re-invent the wheel and re-write the WordPress login process. * However, if you enable the ‘block wp-login.php’ feature, it puts a line in the. htaccess file to block direct access to that file(it does this via referrer with exceptions for the mobile apps). * In addition, the Login form is generated via javascript, so it does not exist on the page until the correct function is run to generate it. * —- So, could someone spoof the referrer and still access wp-login.php? yes! Is this something done normally? no! So, this plugin certainly makes WordPress more Secure than normal. That’s all I can do. There are plenty of other Security plugins which specifically target bots and blocking them, this is not that plugin. The goal is to ‘Hide’ the normal site Login, and it does that very well. * Thread Starter [Jason](https://wordpress.org/support/users/larceniii/) * (@larceniii) * [13 years, 4 months ago](https://wordpress.org/support/topic/question-where-does-it-post/#post-3317809) * There are many common such applicatioins such as nohands-seo that do exactly that, and cost next to nothing. They are the worst kind of spammers and they spoof referrer and everything, just spamming sending post data to wp-login * Adding a new type of captcha-like input, and passing that to the login form via javascript would be much more effective, IMO >:) * *Know thy enemy* * Plugin Author [apexad](https://wordpress.org/support/users/apexad/) * (@apexad) * [13 years, 3 months ago](https://wordpress.org/support/topic/question-where-does-it-post/#post-3317811) * Again, not going to re-write plugins that already exist, but I’ll think about integrating with some already existing login captcha plugins. Any that you recommend? Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Question, where does it post?’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/secure-hidden-login_ffffff.svg) * [Secure Hidden Login](https://wordpress.org/plugins/secure-hidden-login/) * [Frequently Asked Questions](https://wordpress.org/plugins/secure-hidden-login/#faq) * [Support Threads](https://wordpress.org/support/plugin/secure-hidden-login/) * [Active Topics](https://wordpress.org/support/plugin/secure-hidden-login/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/secure-hidden-login/unresolved/) * [Reviews](https://wordpress.org/support/plugin/secure-hidden-login/reviews/) * 3 replies * 2 participants * Last reply from: [apexad](https://wordpress.org/support/users/apexad/) * Last activity: [13 years, 3 months ago](https://wordpress.org/support/topic/question-where-does-it-post/#post-3317811) * Status: resolved