Invalid User/Password

  • ifelse

    (@ifelse)


    21 years ago

    Here’s a minor suggestion for the WP team:

    WP’s error messages are a bit too helpful with incorrect logins. If you type in an incorrect username, WP outputs “Error: Wrong login”. This is fine so far.

    However, if you type the wrong password, you get a different message, namely “Error: Incorrect password”. This means that a possible attacker can be certain that they have correctly identified a valid user and can focus on working on finding the correct password.

    What I’d suggest is that, following the login patterns of other programs and sites, is that a generic “incorrect login detail” message should instead be used.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    21 years ago

    That’s a good idea. Please send your feature request to: http://mosquito.wordpress.org/main_page.php

    Thread Starter ifelse

    (@ifelse)

    21 years ago

    Hmmm, did a quick search on Mosquito before submitting. It appears that it’s already been submitted and been set to ‘won’t fix’ on the grounds that “They can figure out usernames a million easier ways”.

    A bit of a shame as it would be trivial to resolve but I understand the reasoning.

    laurenmclaughlin

    (@laurenmclaughlin)

    20 years, 5 months ago

    Help. My blog is not acknowledging my username even though I am using that username to log into my account on the wordpress website. I am locked out of my own website. What do I do?

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Invalid User/Password’ is closed to new replies.