[wp-hackers] Author URLs expose usernames

Lutz Schröer latz at elektroelch.de
Wed Jul 18 12:28:47 UTC 2012

Am 18.07.2012 06:13, schrieb Tom Barrett:
> The next step is to remove the helpful login failure messages that 
> let
> hacker types search for user names.

At the moment you can use the plugin "Unified Login Error Messages" 
which changes the error message to "ERROR: Invalid user/password 
combination." or anything you like. 

> Are they worth considering for inclusion into core?

Supply a ticket and see what the lead devs are saying...


More information about the wp-hackers mailing list