Follow-up re: wpengine and login widget prob

This is a follow-up question related to this thread: http://www.s2member.com/forums/topic/urgent-logins-broken/ (The old thread is closed to new comments.)

While testing wpengine for one of our sites, we had the empty response problem with the login widget. We received the following response from wpengine support. Is this an easy fix?

wpengine support response:

“We have a strict login protection to help prevent brute-force attacks against wp-login.php. While this is effective and seamless for most customers, some customers use a custom login form instead of using the wp-login.php page. With some custom login forms clients receive a 499 error instead of being able to login to the site.

The problem on our platform comes from when the form is hardcoded directly to “wp-login.php”. Here’s some example code from a similar issue:

<form action="/wp-login.php?redirect_to=" method="post">

To compare, here’s what WordPress uses in the “wp-login.php” file:

<form name="loginform" id="loginform" action="" method="post">

The most important part of the code from “wp-login.php” file is this portion:

site_url( 'wp-login.php', 'login_post' )

Our security measures rely on modifying the “site_url()” function when the second part of that function is “login_post”. If you’re not using the “site_url()” function, or if you’re are using the “site_url()” function but not “login_post”, then the custom login form is going to run into our security block.

Our engineers have recommended to modify the code to generate the login URL the same way that WordPress does because our system reads the direct call to wp-login.php.”