WordPress.org

Ready to get started?Download WordPress

Forums

Login Lock
Mask login failure info to visitors? (9 posts)

  1. Ian Dunn
    Member
    Posted 2 years ago #

    When someone normally fails a login, WordPress will tell them whether the problem was that the username didn't exist or if they just got the password wrong. That's bad for security because it lets hackers know that they have a valid username.

    Does your plugin mask that? I'd like to switch to this plugin, but would need it to have that feature.

    http://wordpress.org/extend/plugins/login-lock/

  2. Daniel Convissor
    Member
    Posted 2 years ago #

    That's simple. Add the following to your theme functions.php file:

    add_filter(
        'login_errors',
        function() {return 'Invalid Username and/or Password.';}
    );
  3. Ian Dunn
    Member
    Posted 2 years ago #

    Cool, thanks for the tip :)

  4. Daniel Convissor
    Member
    Posted 2 years ago #

    Guess what, my suggestion is not necessary. Now that I have login-lock installed, testing shows that the plugin is kind enough to produce a generic "Invalid username or password" error message.

  5. Ian Dunn
    Member
    Posted 2 years ago #

    That's good to hear. Unfortunately it looks like a lot of people are having problems with it in WP 3.3, so I'll have to wait until that's fixed to make the switch.

  6. Daniel Convissor
    Member
    Posted 2 years ago #

    Check out the fixes I posted at https://github.com/convissor/login-lock. It's working well for me on 3.3.1.

  7. Ian Dunn
    Member
    Posted 2 years ago #

    That's awesome, thanks for releasing that :)

  8. Mark
    Member
    Plugin Author

    Posted 2 years ago #

    Hey Daniel, kindly quit posting links to your fork in threads related to my plugin now that I fixed it. Thanks.

  9. Ian Dunn
    Member
    Posted 2 years ago #

    I just wanted to point out that Daniel released a new plugin called Login Security Solution to prevent brute force attacks that's written from scratch. I like Login Lock better than some of the others, but I think Daniel's plugin is the best one out there right now. I know he's done a lot of security research and has designed the new plugin around the current best practices. He's also been very responsive to the feedback I sent in.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags