Support » Requests and Feedback » WordPress login insecure

Viewing 3 replies - 1 through 3 (of 3 total)
  • I see this was brought up on TRAC within the last two months:

    http://core.trac.wordpress.org/ticket/12129

    Idiot (no offense) Ryan tells us “This is by design. There is a balance to be made between security and user friendliness.”

    This is an idiotic response. Yes, there is a balance, this is known as a “retrieve username/pass link” if really needed on the login page, not a system that gives hackers an easy way to crack into the system.

    “User friendliness” should FIRST be toward people running your system, not people who cannot manage to login correctly.

    It’s really insecure. Becomes easy to a little extent for someone to break in

    I’m fully agree with you. It is unsecure. But why not to use some plugin from the ‘Login security’ field? E.g. http://devel.kostdoktorn.se/limit-login-attempts ?
    It resolves this issue without changing a row of core WordPress code.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘WordPress login insecure’ is closed to new replies.