Invalid User/Password (4 posts)

  1. ifelse
    Posted 11 years ago #

    Here's a minor suggestion for the WP team:

    WP's error messages are a bit too helpful with incorrect logins. If you type in an incorrect username, WP outputs "Error: Wrong login". This is fine so far.

    However, if you type the wrong password, you get a different message, namely "Error: Incorrect password". This means that a possible attacker can be certain that they have correctly identified a valid user and can focus on working on finding the correct password.

    What I'd suggest is that, following the login patterns of other programs and sites, is that a generic "incorrect login detail" message should instead be used.

  2. James Huff
    Support Representative
    Posted 11 years ago #

    That's a good idea. Please send your feature request to: http://mosquito.wordpress.org/main_page.php

  3. ifelse
    Posted 11 years ago #

    Hmmm, did a quick search on Mosquito before submitting. It appears that it's already been submitted and been set to 'won't fix' on the grounds that "They can figure out usernames a million easier ways".

    A bit of a shame as it would be trivial to resolve but I understand the reasoning.

  4. laurenmclaughlin
    Posted 10 years ago #

    Help. My blog is not acknowledging my username even though I am using that username to log into my account on the wordpress website. I am locked out of my own website. What do I do?

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.