[wp-trac] [WordPress Trac] #25446: Return HTTP status code 401 upon failed login
WordPress Trac
noreply at wordpress.org
Fri May 24 00:03:48 UTC 2019
#25446: Return HTTP status code 401 upon failed login
--------------------------------------------------+----------------------
Reporter: raoulbhatia | Owner: (none)
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Login and Registration | Version: 3.6
Severity: normal | Resolution: wontfix
Keywords: dev-feedback needs-patch 2nd-opinion | Focuses:
--------------------------------------------------+----------------------
Changes (by johnbillion):
* status: reopened => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
I've just checked the HTTP response code for the failed login screen for a
whole load of popular online services, and every single one of them
returns a 200.
While I can certainly see the benefit of switching to a 40x, nobody else
is doing it, it's not technically correct, and there are other means of
identifying failed login attempts internally (for example by hooking into
the `wp_login_errors` or `wp_login_failed` actions) and externally (for
example by looking for POST requests that return a 200 as pointed out by
@dejayc).
To that end I'm going to make an executive decision and close this as
wontfix.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25446#comment:29>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform