Support » Requests and Feedback » Invalid User/Password

  • Here’s a minor suggestion for the WP team:

    WP’s error messages are a bit too helpful with incorrect logins. If you type in an incorrect username, WP outputs “Error: Wrong login”. This is fine so far.

    However, if you type the wrong password, you get a different message, namely “Error: Incorrect password”. This means that a possible attacker can be certain that they have correctly identified a valid user and can focus on working on finding the correct password.

    What I’d suggest is that, following the login patterns of other programs and sites, is that a generic “incorrect login detail” message should instead be used.

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Invalid User/Password’ is closed to new replies.