./inc/setup.php and /inc/secure.php both have situations where they die() and only output the word “error.” This makes it very hard to track down. It took me 3 hours to figure out why a client couldn’t connect to his WP installation. It ended up being because of the 404 lockout setting. It was locking him out even though he wasn’t doing anything out of the ordinary, and the error message left no clues as to what was happening.
I understand if you don’t want to say something like, “Better WP Security has locked you out because of too many 404 requests”, because that would give attackers information you don’t want them to have. But you should at least give some kind of clue as to what’s going on. At the very least, say something like “error code #29853”, where “#29853” is just some imaginary number. That would at least let people grep their httpdocs directory to find out what file is generating the error.
- The topic ‘[Plugin: Better WP Security] Improve lockout error messages’ is closed to new replies.