[wp-trac] [WordPress Trac] #6076: Incorrect use of HTTP status code 500

WordPress Trac wp-trac at lists.automattic.com
Mon Mar 3 14:53:45 GMT 2008

#6076: Incorrect use of  HTTP status code 500
 Reporter:  runeh    |       Owner:  anonymous
     Type:  defect   |      Status:  new      
 Priority:  normal   |   Milestone:  2.6      
Component:  General  |     Version:  2.3.2    
 Severity:  normal   |    Keywords:           
 When trying to log in using a wrong username or password, Wordpress issues
 an HTTP 500 status code, and the request body states that wrong
 credentials has been supplied. As I am sure you know, 500 means Internal
 Server Error. A more suitable status code to use would be 403 (Forbidden).

 The 500 status code is also issued when submitting an empty username or
 password. I think 400 (Bad Request) would be a better fit. Both of these
 errors are made by the user, not the server, so it stands to reason that
 the status codes should be in the 400 range.

 I also noted that a 500 status code is issued if a user is commenting to
 quickly (as an anti-spam measure). I'm not convinced that 500 is the
 correct status to use, however I'm unsure about which status fits best.

 Fixing these issues will make Wordpress behave more semantically correct
 with regards to the HTTP protocol.

Ticket URL: <http://trac.wordpress.org/ticket/6076>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list