Introducing Loginizer 1.7.4: CSRF Protection

This version adds an optional new layer of security that protects your website from CSRF attacks.

Other than that, this version has some bug fixes for 2FA App OTP verification, and we have added 2FA support for the MasterStudy LMS custom login form.

CSRF Protection

What is a CSRF Attack?

CSRF is an acronym for Cross-Site Request Forgery. It is an attack in which the attacker tricks the victim into making unwanted requests to a web application where the victim is currently authenticated. It can help the attacker gain control of the system by making the user change their details, or make the victim perform actions that benefit the attacker in some way, such as making a purchase.

There are mainly two ways a CSRF attack can happen. The first is when the user clicks a malicious link: with the help of social engineering, the attacker can send you a link via email, chat, or message.
The second is when the attacker creates a legitimate-looking request from the victim's browser to the web application while the user is authenticated to that web application.

How Does Loginizer Prevent CSRF Attacks?

Loginizer's CSRF Protection feature creates a random string for every session and updates the URL of the WordPress admin with that random string. This makes the string difficult to guess or predict; even with modern tools it would be really difficult to guess the random session string. So if the URL can't be predicted, the CSRF attack can't happen.

Expected Behaviour

Once CSRF Protection is on, all your logins to the WordPress dashboard will have a modified URL with a session string just after the admin slug, something like the URL in the image below. The session string will be different every time you log in.

CSRF Session URL

Another behavior you may notice is that if you are already logged in and then try to open the WordPress admin in another tab, your session in the other tab will be destroyed. If you want to use your admin panel in multiple tabs, you need to keep the same admin URL in every tab, because if Loginizer doesn't find the session string in your URL it will log you out.
We know this can be annoying, and copying and pasting the URL every time you need the WordPress admin in a new tab is a hassle. To eliminate that hassle, we added a button named Open New Tab to the WordPress admin bar. If you need to open WP Admin in a new tab, just click it and the admin will open in a new tab without destroying the session.

CSRF Open New tab
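
The mechanism described in the two sections above (a per-session random string in the admin URL, logout when it is missing, and an Open New Tab link that reuses it) can be modelled as follows. This is an added example, not Loginizer's code: the `/wp-admin-<string>/` URL layout, the in-memory `sessions` store and all function names are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ADMIN_SLUG = "wp-admin"   # default WordPress admin slug
sessions = {}             # session cookie id -> session string (in-memory stand-in)

def login(session_id):
    """Create a fresh random session string at login and return the admin URL."""
    sessions[session_id] = secrets.token_urlsafe(16)   # 128 bits from the OS CSPRNG
    return admin_url(session_id)

def admin_url(session_id, page="index.php"):
    """URL an 'Open New Tab' style button would emit: same string, new tab."""
    return f"/{ADMIN_SLUG}-{sessions[session_id]}/{page}"   # assumed URL layout

def check_request(session_id, url):
    """Return 'allow', or 'logout' when the session string is missing or wrong."""
    expected = sessions.get(session_id)
    if expected is None:
        return "logout"                        # no authenticated session
    first_segment = urlsplit(url).path.lstrip("/").split("/", 1)[0]
    prefix = ADMIN_SLUG + "-"
    supplied = first_segment[len(prefix):] if first_segment.startswith(prefix) else ""
    # Constant-time comparison so response timing does not leak the string.
    if supplied and hmac.compare_digest(supplied.encode(), expected.encode()):
        return "allow"
    sessions.pop(session_id, None)             # destroy the session, as the post describes
    return "logout"

def demo():
    url = login("cookie-A")                    # constructed session id
    results = [check_request("cookie-A", url),
               check_request("cookie-A", admin_url("cookie-A", "users.php"))]
    # A cross-site request rides the cookie but only knows the well-known admin path.
    results.append(check_request("cookie-A", "/wp-admin/options-general.php"))
    results.append(check_request("cookie-A", url))   # session was destroyed above
    return results

if __name__ == "__main__":
    print(demo())
```

The third request in `demo()` is the case the feature targets: the browser would attach the session cookie automatically, but the request is rejected because its URL lacks the session string, and the session is then gone for the original tab as well.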

2FA Support for MasterStudy LMS

We have added support for 2FA with MasterStudy LMS's custom login form. Previously, the custom form of MasterStudy LMS would redirect the user without any 2FA, even if 2FA was enabled and set up in Loginizer. Support is now added for MasterStudy LMS version 2.6.3 and above. If you have an older version than this, we suggest you update your MasterStudy LMS plugin to work with Loginizer's 2FA.