Support » Plugin: Disable Users » Security flaw may reveal user passwords

  • I first thought this plugin was not working. I use another plugin to limit attempts to login using the wrong password. It greatly slows brute-force attacks and notifies me as attempts arise. When I began receiving notices about brute-force attacks using one of my administrative user profiles, I disabled the profile. But, I noticed the attempts continued for the same profile.

    After testing, I realized that this plugin, Disable Users, does not present and block until a correct password is provided. Therefore, it will essentially provide an indication of when a password for a disabled user is guessed correctly.

    Can this be fixed?

  • The topic ‘Security flaw may reveal user passwords’ is closed to new replies.