privacy issue: login failed password should NOT be shown!
-
When
wp_login_failed
option is enabled, the password entered is shown to admins:<some_username> tried to log in to <some_WP_site>
Password tried aaa
IP some.ip.address | 12.34.567.89
User agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0I do not like it. Admins should NOT see what users entered – this is Big Brother. They should see there was a fail on login due to incorrect password, indeed, but not the password itself.
I am suggesting add an option (checkbox)
do not log the password entered
or something like that.
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘privacy issue: login failed password should NOT be shown!’ is closed to new replies.