Protects your WordPress websites against the effects of a password leak by deactivating the login, depending on the value of a constant defined in a mini-plugin. The login dialog can be blanked out if it is convenient to access the WordPress Admin area exclusively through the hosting platform. The authentication cookie's lifespan may be extended to a configurable period of time.
A very common vulnerability to SQL injection may pave the way to downloading the WordPress database, where login information is stored. Since password hashes are convertible to clear text (using online libraries), the non-stop availability of a fully functional login screen is incompatible with cyber security.
Security would also be compromised if the login dialog were removed but remained in intermittent use. Blanking the dialog out is advisable only if the dialog is no longer used. Otherwise, a bot may scan the login page and send an alert as soon as the dialog shows up again.
The front end must not change depending on the login status. Changes must be confined to the backend, so that they stay invisible. Detecting the login status must involve actual login attempts, so that WordPress can block them (but that depends on the criteria applied to assess login attempts as successful).
When configuring the auth cookie lifespan, please make sure that the low profile login screen option is chosen, with the login dialog unaltered while sending auth cookies is deactivated. This option is selected by default, and a warning displays next to the setting:
Other than low profile would pose a security threat due to the state being detectable. Please avoid High and Standard profiles unless logging in on the Hosting Platform exclusively.
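The low profile idea described above can be sketched as a must-use plugin. This is an added example, not this plugin's own code: the constant names `EXAMPLE_LOGIN_ENABLED` and `EXAMPLE_AUTH_COOKIE_DAYS` and the message text are hypothetical, while the `authenticate`, `login_errors` and `auth_cookie_expiration` filters are standard WordPress hooks.

```php
<?php
/**
 * Plugin Name: Example low-profile login switch (illustration only)
 */

// Hypothetical constant: true only while logging in should succeed.
if ( ! defined( 'EXAMPLE_LOGIN_ENABLED' ) ) {
    define( 'EXAMPLE_LOGIN_ENABLED', false );
}
// Hypothetical constant: lifespan of the auth cookie, in days.
if ( ! defined( 'EXAMPLE_AUTH_COOKIE_DAYS' ) ) {
    define( 'EXAMPLE_AUTH_COOKIE_DAYS', 30 );
}

// Runs after core's credential checks (priority 20). While the switch is
// off, a correct password is turned into an error, so wp_signon() never
// sends an auth cookie. The login dialog itself is left unaltered.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( EXAMPLE_LOGIN_ENABLED || ! ( $user instanceof WP_User ) ) {
        return $user; // Login enabled, or core already rejected the attempt.
    }
    // Same error code as a wrong password, so the form reacts identically.
    return new WP_Error( 'incorrect_password', 'Login failed.' );
}, 100, 3 );

// Show one generic message for every error on wp-login.php, so a rejected
// correct password reads the same as a wrong one. Note that this also
// replaces other messages on that screen (for example lost-password errors).
add_filter( 'login_errors', function ( $errors ) {
    return 'Login failed.';
} );

// Extend the auth cookie lifespan for sessions created while login is on.
add_filter( 'auth_cookie_expiration', function ( $length, $user_id, $remember ) {
    return EXAMPLE_AUTH_COOKIE_DAYS * DAY_IN_SECONDS;
}, 10, 3 );
```

Sessions that already hold a valid auth cookie keep working while the switch is off, because cookie validation does not pass through the `authenticate` filter.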