Potentially misleading error message for incorrect_password login error
|Reported by:||mdawaffe||Owned by:|
When a user attempts to log in with an incorrect password, the incorrect_password error returned by wp_authenticate_username_password() has the following message.
If, instead, the user entered the correct password but for the wrong (though existing) account, the error response is the same. In that situation the message in unhelpful and potentially misleading.
For example, a site might have users 'bobbybluefoot' and 'boobybluefoot'. If bobbybluefoot mistypes his username as boobybluefoot, and enters his password, he gets an "Incorrect password" error.
Attached changes the error message to match the error returned by wp_authenticate().
Invalid username or incorrect password.