When a user tries to login to WordPress and enters the username or password incorrectly, WordPress reports back specific information about what was wrong (The username field is empty, The password field is empty, Invalid username, Incorrect password). This plugin hides all of these error messages with a generic “ERROR” message, thus preventing some information from being sent to an attacker. It is also a little less friendly for users, but on a blog with only a single individual needing to login, that may be acceptable.
This plugin does not modify any system settings. It only rewrites the error message when there is a problem logging in. I have tested LEC on WordPress versions 2.33 through 2.8.
Installation
- Download LEC to the plugins directory under wp-content of your blog.
- Unzip the lec.zip file.
- Activate the plugin on your plugins page.
- (Optional) I suggest you subscribe to my RSS feed so you can stay informed about any updates to LEC.
Uninstall
- Deactivate the plugin on your plugins page.
- Delete lec.php from your plugins directory, under wp-content of your blog directory.
If you discover any problems, or have any suggestions on improving LEC, please contact me.
Payment
Using LEC is free, you do not have to pay me anything. If you find it useful, and you’d like to pay me, any (or all!) of the following would be greatly appreciated:
- Subscribe to my RSS feed.
- Blog about the LEC plugin, tell your readers about it.
- Make a donation to me.
- Buy me something from my Amazon Wishlist.
History
- April 3, 2008: Version 0.9. Initial release.
[…] Release Page | Download […]
[…] This can be helpful to an attacker if they are trying to guess usernames and/or passwords. Login Error Cleanup simply returns the message “Error” if the combination submitted is not […]
I have been looking for something like this. I like when people makes it more difficult for possible attackers to gain access to a page. Good job, mister!