Support » Plugin: Loginizer » Great, but with a glitch…

  • Distant Skies

    (@distant-skies)


    Well, the plugin itself is great, simple to use and does a good job.

    But there is a glitch that I don’t like at all: after a failed login attempt, it gives the message “x tries left”, so the attacker knows how many attempts he has ahead, and after lockout, it gives the message “locked, try again after x hours” (in both messages, X is the number you set in settings).

    These messages just help the attackers; I don’t think there should be any such message, apart from the error message! WordPress itself has a similar glitch here – they say “username wrong” or “password wrong”, so the attacker knows which of these two credentials is wrong – again, there should be only an error message (which can be customized in this plugin), and nothing else; any additional detail just helps the attacker.

    Of course, if the actual owner locked himself out by mistake, he should know these details, but they can be sent via e-mail, not publicly for everyone to see.

    The idea and operation are worth 5 stars, but because of this glitch, 4 stars only.
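
Added example, not part of the original review and not Loginizer or WordPress code: a small Python model of the behaviour the review asks for, where every failed or locked-out login gets one identical public message and the lockout details go only to the account owner's e-mail. The names `LoginGate`, `make_user`, `GENERIC` and the `notify` callback are hypothetical, and the sample account is constructed.

```python
import hashlib, hmac, os, time

GENERIC = "Login failed."  # the only text an unauthenticated client ever sees

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, email):
    salt = os.urandom(16)
    return (salt, hash_pw(password, salt), email)

# Hashed when the username is unknown, so both cases do the same work.
_DUMMY = make_user("placeholder", None)

class LoginGate:
    """Toy lockout model; hypothetical names, not Loginizer's implementation."""
    def __init__(self, users, max_tries=3, lock_seconds=3600,
                 notify=lambda to, body: None, clock=time.time):
        self.users, self.max_tries, self.lock_seconds = users, max_tries, lock_seconds
        self.notify, self.clock = notify, clock
        self.fails, self.locked_until = {}, {}

    def login(self, username, password):
        now = self.clock()
        if self.locked_until.get(username, 0) > now:
            return False, GENERIC  # no "try again after x hours"
        record = self.users.get(username)
        salt, stored, email = record or _DUMMY
        match = hmac.compare_digest(hash_pw(password, salt), stored)
        if match and record is not None:
            self.fails.pop(username, None)
            return True, "OK"
        # Unknown username and wrong password share this path and are counted
        # the same way, so neither the text nor the lockout point tells them apart.
        count = self.fails[username] = self.fails.get(username, 0) + 1
        if count >= self.max_tries:
            self.locked_until[username] = now + self.lock_seconds
            self.fails.pop(username, None)
            if record is not None:  # details go to the owner's mailbox only
                self.notify(email, f"Account locked for {self.lock_seconds // 60} "
                                   f"minutes after {self.max_tries} failed logins.")
        return False, GENERIC  # no "x tries left"

if __name__ == "__main__":
    # Constructed sample account; notify prints instead of sending mail.
    gate = LoginGate({"alice": make_user("s3cret", "alice@example.test")},
                     notify=lambda to, body: print("mail to", to, "->", body))
    for attempt in ("bad1", "bad2", "bad3", "s3cret"):
        print(gate.login("alice", attempt))
```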
