[wp-trac] [WordPress Trac] #25446: Return HTTP status code 401 upon failed login
WordPress Trac
noreply at wordpress.org
Thu Jan 16 20:20:17 UTC 2014
#25446: Return HTTP status code 401 upon failed login
-------------------------+------------------------------
Reporter: raoulbhatia | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.6
Severity: normal | Resolution:
Keywords: has-patch |
-------------------------+------------------------------
Changes (by kovshenin):
* keywords: => has-patch
Comment:
400 is something the server did not understand. In our case we understood
the request, we just didn't accept the login and password. I'm leaning
towards 403 or 401, though 401 seems to be designed around HTTP
authentication, which is not the case with wp-login.php.
My vote is for 403, besides, our XML-RPC methods that require
authentication use the 403 error code for failed logins too. Patch for
`wp_signon` in [attachment:25446.diff].
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25446#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list