Support » Plugin: Limit Login Attempts » [Plugin: Limit Login Attempts] Can we get the tried password along with username

Viewing 4 replies - 1 through 4 (of 4 total)
  • Only problem with getting the password is that it is considered a security risk to do so… you will be able to potentially see a legitimate user’s attempt to login even if they fail, you (or someone with access to the email) may be able to discern the real password.

    Just my 2 cents. 🙂

    Art

    I think you are talking about the situation of multi-user blogging. But in my case & in most cases, there would be only a single user for the blog.

    Plugin Author johanee

    (@johanee)

    I’m very wary of potentially logging real but misspelled passwords in cleartext, and I’m not sure what additional value it would give to most users.

    I won’t add this functionality unless you have an amazing argument. 🙂

    It would be an interesting experiment to track all attempted logins for research when you know it is a brute force attempts (for example if there is no “admin” user), but that would be a separate thing.

    Yes you are right. I don’t keep any admin username, from all notifications I could figure that those hackers always trying with admin username which does not exist 🙂

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Plugin: Limit Login Attempts] Can we get the tried password along with username’ is closed to new replies.