[wp-hackers] Author URLs expose usernames
Lutz Schröer
latz at elektroelch.de
Wed Jul 18 12:28:47 UTC 2012
Am 18.07.2012 06:13, schrieb Tom Barrett:
> The next step is to remove the helpful login failure messages that
> let
> hacker types search for user names.
At the moment you can use the plugin "Unified Login Error Messages"
which changes the error message to "ERROR: Invalid user/password
combination." or anything you like.
(http://wordpress.org/extend/plugins/unified-login-error-messages/)
> Are they worth considering for inclusion into core?
Supply a ticket and see what the lead devs are saying...
Latz
More information about the wp-hackers
mailing list