[wp-trac] [WordPress Trac] #25446: Return HTTP status code 401 upon failed login
WordPress Trac
noreply at wordpress.org
Thu Jan 22 09:15:49 UTC 2015
#25446: Return HTTP status code 401 upon failed login
------------------------------------+------------------------------
Reporter: raoulbhatia | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 3.6
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
------------------------------------+------------------------------
Comment (by sippis):
Replying to [comment:7 nacin]:
> Does *anyone* send a non-200 for a failed web login? I can't say I've
ever noticed this in practice.
Nope. Example Twitter, Facebook, GitHub, Google and BitBucket all returns
200. So I'll +1 for staying with 200 because seems that everyone else is
doing the same, and HTTP response spec lacks decent status code for failed
web login.
But what about adding op-in custom log for this purpose? I'm not so
familiar with fail2ban, but i think that it can use custom logs.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25446#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list