[wp-trac] [WordPress Trac] #24193: Anti brute force protection

WordPress Trac noreply at wordpress.org
Thu Aug 14 01:29:17 UTC 2014


#24193: Anti brute force protection
-------------------------+------------------------------
 Reporter:  MAzZY        |       Owner:
     Type:  enhancement  |      Status:  reopened
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Users        |     Version:  3.5.1
 Severity:  normal       |  Resolution:
 Keywords:  has-patch    |     Focuses:
-------------------------+------------------------------

Comment (by designsimply):

 I found a suggestion from a WordPress.com user that seems maybe
 applicable. They said they like the way Twitter handles the problem of
 attacks on password reset forms by offering a option that allows users to
 require entering the right email address before an email can be triggered:

 > By default, you can initiate a password reset by entering only your
 @username. If you check this box, you will be prompted to enter your email
 address or phone number if you forget your password.
 —via user rebeca at http://en.forums.wordpress.com/topic/getting-too-many-
 unrequested-password-reset-e-mails-please-change-this?replies=5

 It's a(n ever so) slightly different problem report, but an option like
 the one they recommended may help nonetheless so I'm posting it here for
 consideration. :)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/24193#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list