Opened 8 months ago
Closed 8 months ago
#63936 closed defect (bug) (duplicate)
WordPress returns HTTP 200 instead of 401 on login error
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 6.8.2 |
| Component: | Login and Registration | Keywords: | |
| Focuses: | sustainability | Cc: | |
Description
Hi,
In case of an auth error, WordPress returns an HTTP code of 200 instead of 401 (unauthorised) or 403, but 401 is more fitting.
I guess this is to use "security by obscurity", but the thousands of bots per hour piling on my server's wp-login.php show this has no effect at all on the obscurity side of things. It also prevents a fail2ban filter or home-made filter from blocking abuser IPs easily.
So I think it would be greatly beneficial to return the appropriate HTTP code in case of a bad login/pass or auth result in WordPress.
Best regards,
Ghislain.
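A sketch of the kind of home-made filter the report mentions, written for the current behaviour where a failed login answers 200 (an added example, not code from WordPress, fail2ban or the reporter). It assumes combined-format access logs and that a successful login is answered with a 302 redirect; the threshold, window and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access log (combined format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Aug/2025:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "bot"
203.0.113.7 - - [12/Aug/2025:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "bot"
198.51.100.20 - - [12/Aug/2025:10:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Aug/2025:10:00:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2025:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "bot"
198.51.100.44 - - [12/Aug/2025:10:00:40 +0000] "GET /wp-login.php HTTP/1.1" 200 3901 "-" "Mozilla/5.0"
198.51.100.44 - - [12/Aug/2025:10:00:41 +0000] "GET /wp-login.php HTTP/1.1" 200 3901 "-" "Mozilla/5.0"
198.51.100.44 - - [12/Aug/2025:10:00:42 +0000] "GET /wp-login.php HTTP/1.1" 200 3901 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Aug/2025:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "bot"
192.0.2.9 - - [12/Aug/2025:10:16:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "bot"
192.0.2.9 - - [12/Aug/2025:10:31:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "bot"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def is_failed_login(m):
    # Heuristic: a POST to wp-login.php answered 200 re-rendered the form with
    # an error; a GET only displays the form, a 302 is assumed to be a success.
    path = m["path"].split("?", 1)[0]
    return (m["method"] == "POST" and path.endswith("/wp-login.php")
            and m["status"] == "200")

def offenders(log_text, max_retry=3, find_time_s=600):
    """Return {ip: time the IP reached max_retry failures within find_time_s}."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_failed_login(m):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while (ts - window[0]).total_seconds() > find_time_s:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry:
            flagged.setdefault(m["ip"], ts)
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(ip, "reached the threshold at", when.isoformat())
```

Because the status code alone does not mark a failure, the filter has to combine method, path and status, which is the extra work the report describes.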
Change History (1)
Duplicate of #25446.