Login Lock
Mask login failure info to visitors? (9 posts)

  1. Ian Dunn
    Member
    Posted 4 months ago #

    When someone normally fails a login, WordPress will tell them whether the problem was that the username didn't exist or if they just got the password wrong. That's bad for security because it lets hackers know that they have a valid username.

    Does your plugin mask that? I'd like to switch to this plugin, but would need it to have that feature.

    http://wordpress.org/extend/plugins/login-lock/

  2. Daniel Convissor
    Member
    Posted 4 months ago #

    That's simple. Add the following to your theme functions.php file:

    // Replace the error text shown on the login form with one generic message.
    add_filter(
        'login_errors',
        function() {return 'Invalid Username and/or Password.';}
    );

  3. Ian Dunn
    Member
    Posted 4 months ago #

    Cool, thanks for the tip :)

  4. Daniel Convissor
    Member
    Posted 4 months ago #

    Guess what, my suggestion is not necessary. Now that I have login-lock installed, testing shows that the plugin is kind enough to produce a generic "Invalid username or password" error message.

  5. Ian Dunn
    Member
    Posted 4 months ago #

    That's good to hear. Unfortunately it looks like a lot of people are having problems with it in WP 3.3, so I'll have to wait until that's fixed to make the switch.

  6. Daniel Convissor
    Member
    Posted 4 months ago #

    Check out the fixes I posted at https://github.com/convissor/login-lock. It's working well for me on 3.3.1.

  7. Ian Dunn
    Member
    Posted 4 months ago #

    That's awesome, thanks for releasing that :)

  8. Mark
    Member
    Posted 4 months ago #

    Hey Daniel, kindly quit posting links to your fork in threads related to my plugin now that I fixed it. Thanks.

  9. Ian Dunn
    Member
    Posted 1 month ago #

    I just wanted to point out that Daniel released a new plugin called Login Security Solution to prevent brute force attacks that's written from scratch. I like Login Lock better than some of the others, but I think Daniel's plugin is the best one out there right now. I know he's done a lot of security research and has designed the new plugin around the current best practices. He's also been very responsive to the feedback I sent in.
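
The `login_errors` filter from post 2 replaces every message shown on the login form, including ones unrelated to credentials. As an added example (not code from this thread, from Login Lock, or from Login Security Solution), the sketch below masks only the failures that reveal whether an account exists, by hooking `authenticate` and checking WordPress core's error codes. The plugin name, the `lem_` function names, and the `lem_login_failed` code are hypothetical.

```php
<?php
/*
 * Plugin Name: Login Error Mask (hypothetical example)
 * Description: Returns one generic error for any failed credential check.
 */

// Core error codes whose messages disclose whether the username or
// e-mail address exists ('invalid_email' is only set by newer cores).
function lem_revealing_codes() {
    return array('invalid_username', 'invalid_email', 'incorrect_password');
}

// Pure helper: true when at least one code in the list is a revealing one.
function lem_should_mask(array $codes) {
    return count(array_intersect($codes, lem_revealing_codes())) > 0;
}

// 'authenticate' callback. It receives a WP_User on success, a WP_Error on
// failure, or null, and must hand back the same kind of value.
function lem_mask_auth_error($user, $username = '', $password = '') {
    if (!is_wp_error($user) || !lem_should_mask($user->get_error_codes())) {
        // Success, or an unrelated error (empty field, lockout notice from
        // another plugin): pass it through unchanged.
        return $user;
    }
    // Same code and same text whether the name or the password was wrong.
    return new WP_Error('lem_login_failed', 'Invalid username and/or password.');
}

// Keep the login form's "shake" effect for the replacement error code.
function lem_shake_codes($codes) {
    $codes[] = 'lem_login_failed';
    return $codes;
}

// Register only when WordPress has loaded this file. Priority 100 runs
// after core's own username/password checks on the same filter.
if (function_exists('add_filter')) {
    add_filter('authenticate', 'lem_mask_auth_error', 100, 3);
    add_filter('shake_error_codes', 'lem_shake_codes');
}
```

Because the error is replaced before the login page renders it, the message and its error code are identical for an unknown username and for a wrong password.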
