[wp-testers] Incorrect Username / Incorrect Password

WP Testers List wp-testing at mou.me.uk
Wed Apr 2 15:14:26 GMT 2008


I've heard it mentioned so many times (a few times on this mailing list) that
I'm amazed it has yet to be changed...

When logging into WordPress, if you get the username/password combo wrong
you get one of 2 error messages:

"*ERROR*: Incorrect password."
or
"*ERROR*: Invalid username."

This just doesn't seem sensible to me.  Why give away to a hacker that
they've got the username right?  It's like waving a banner at them saying
"You're half way there!!"

Are there any plans to replace this double-error thing with a standard
"username/password combination not recognised" or something equally
generic?  Is there a ticket already completed?  I can't check myself because
my company's overzealous firewall considers anything with "wordpress" in
the url to be evil!  Yeah, I know, it's bullsh*t...

Something put it into my head that this would be fixed in 2.5, but I think I
got mixed up somewhere along the line.  Either way, it seems like a simple
enough change.  Any chance of penciling it in for 2.5.1?

