[wp-trac] [WordPress Trac] #25446: Return HTTP status code 401 upon failed login
WordPress Trac
noreply at wordpress.org
Tue Jun 28 14:03:43 UTC 2016
#25446: Return HTTP status code 401 upon failed login
------------------------------------+------------------------------
Reporter: raoulbhatia | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 3.6
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
------------------------------------+------------------------------
Comment (by dejayc):
Perhaps I'm missing something, but isn't it sufficient to setup fail2ban
to look out for HTTP POST requests to wp-login that result in HTTP STATUS
CODE 200?
POST is only generated by the browser when it submits a login attempt -
all other requests are GET.
And 200 is only generated by the server in the event of login failure -
success results in 301.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25446#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list