[wp-trac] [WordPress Trac] #25446: Return HTTP status code 401 upon failed login
WordPress Trac
noreply at wordpress.org
Fri Aug 1 00:30:30 UTC 2014
#25446: Return HTTP status code 401 upon failed login
-------------------------+------------------------------
Reporter: raoulbhatia | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: XML-RPC | Version: 3.6
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
-------------------------+------------------------------
Changes (by ticoombs):
* component: General => XML-RPC
Comment:
+1 for 401
Plugins like fail2ban are useless, and any searching along these paths
turn up a few blogs with people just blocking all requests to /xmlrpc.php
via a fail2ban regex. Webservers need to know if this is denied access, or
was successful.
After receiving a generous 18000 unique ip's (over a week) trying to
bruteforce xmlrpc, I think its time for this to get merged.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25446#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list