[wp-trac] [WordPress Trac] #12129: Generic login failure message
WordPress Trac
wp-trac at lists.automattic.com
Tue May 8 13:05:55 UTC 2012
#12129: Generic login failure message
-------------------------+----------------------
Reporter: scohoust | Owner: ryan
Type: enhancement | Status: closed
Priority: low | Milestone:
Component: Security | Version:
Severity: minor | Resolution: wontfix
Keywords: |
-------------------------+----------------------
Comment (by prionkor):
Replying to [comment:1 ryan]:
> This is by design. There is a balance to be made between security and
user friendliness.
If that's true Most (if no all) user web apps today lacks that's kinds of
user friendliness. Fixing this will also resolve a security issue. Also
user who have little experience on the web they expects that they wont get
any kinds of info about which one (username/password) is wrong as their
experience. So, it doesn't make wordpress less user friendly.
Wordpress password reset also allows user to reset password by username or
email. So, if someone also forgets there username they can surely reset
and confirm via email address.
It could be another option to have a checkbox on settings where admin can
disable the generic error if required.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12129#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list