For v6 and v7 sites

gistfile1.txt

using System.Web.Routing;
using Umbraco.Core;

namespace RemoveRoutes
{
    public class RemoveRoutesStartupHandler : ApplicationEventHandler
    {
        protected override void ApplicationStarted(UmbracoApplicationBase umbracoApplication, ApplicationContext applicationContext)
        {
            // Reference: https://github.com/umbraco/Umbraco-CMS/issues/5206
            // Reference: https://shazwazza.com/post/need-to-remove-an-auto-routed-controller-in-umbraco/

            // Note: RouteTable needs System.Web.dll
            RouteTable.Routes.Remove(RouteTable.Routes["umbraco-surface-UmbRegister"]);
            RouteTable.Routes.Remove(RouteTable.Routes["umbraco-surface-UmbProfile"]);
            RouteTable.Routes.Remove(RouteTable.Routes["umbraco-surface-UmbLogin"]);
            RouteTable.Routes.Remove(RouteTable.Routes["umbraco-surface-UmbLoginStatus"]);
            RouteTable.Routes.Remove(RouteTable.Routes["umbraco-api-Tags"]);
        }
    }
}

@nul800sebastiaan - Since we are having the same issue, Does your last comment means we are fine to keep UmbLogin and UmbLoginStatus enabled?

@nul800sebastiaan - Since we are having the same issue, Does your last comment means we are fine to keep UmbLogin and UmbLoginStatus enabled?

@nul800sebastiaan - Could you please advise on the question above, please?

@SarikaRansubhe - the UmbLogin and UmbLoginStatus actions to the best of our knowledge can not cause harm. However, we added them here since they could be used in a DOS attack, expecially UmbLogin.

We recommend you remove those routes and implement your own logic for handling a login and showing the login status. If you're not worried about DOS attacks then you could leave these two action a is.

Hi, do we delete the .cs file from App_Data once we run the website on the public server, or does it stay in there?

@bobi33 It has to stay in place.. it's the only thing protecting you if you do not upgrade to the latest version of Umbraco,