Security Issue | ww.wp.xz.cn

Resolved Mohammad Nur Hossain
(@nur1952)

10 years, 6 months ago

I’m just wondering how safe it is to restore password in GET method? I think passing password in GET method is easy for someone to find out later on, right? My opinion is to keep the password field blank once we click on the restore link that’s sent via email, and use POST method. Also, instead of using , better if we submit the form using input type=”submit”. Anyway, it’s a very nice and light plugin.

Thanks!

https://ww.wp.xz.cn/plugins/clean-login/

Viewing 1 replies (of 1 total)

Plugin Author Alberto Hornero
(@hornero)

10 years, 5 months ago

Hi nur1952,

Firsly, sorry for the delay but I’ve not received the notification mail.

Yes, it’s safe since you can only restore it from the same place you have requested it, I mean we use the standard wp_nonce way to do it and is one of the safest method to do it. This GET request doesn’t give you any additional information.

Regards,

Alberto.

Viewing 1 replies (of 1 total)

The topic ‘Security Issue’ is closed to new replies.

1 reply
2 participants
Last reply from: Alberto Hornero
Last activity: 10 years, 5 months ago
Status: resolved