[wp-trac] [WordPress Trac] #9568: Allow users to log in using their email address
WordPress Trac
noreply at wordpress.org
Wed Jan 20 00:24:05 UTC 2016
#9568: Allow users to log in using their email address
---------------------------------------------------+-----------------------
Reporter: Denis-de-Bernardy | Owner:
Type: feature request | Status: assigned
Priority: normal | Milestone: 4.5
Component: Users | Version: 2.8
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests dev-feedback | Focuses:
---------------------------------------------------+-----------------------
Comment (by dd32):
Replying to [comment:86 swissspidy]:
> Thanks for this summary!
>
> > nacin reminded that these massive sites have network level monitoring
and ways of mitigating brute force. Individual WordPress sites don't have
that. We must keep that in mind when surveying the field.
>
> What can we do for WordPress sites in that regard to keep them safe when
we'd implement this? The [https://wordpress.org/plugins/two-factor/ Two-
Factor] feature plugin comes to mind, as well es dozens of plugins
limiting login attempts, banning IPs, etc.
I don't think there's really any way for core to do the same as the larger
sites, they've got infrastructure that individual WordPress sites simply
don't have.
So I think limiting login attempts / enumeration is best left to plugins
for the time being.
I agree with @ryan that we should optimise for usability, if that means
the email address becomes slightly easier to verify, that's the price we
pay for a smoother friendlier experience for our users.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/9568#comment:87>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list