Disable error messages on lostpassword page – possible?

  • Resolved the_lar

    (@the_lar)


    5 years, 9 months ago

    Hi,

    Does Wordfence have any option to disable errors on the lostpassword form? This is a serious security issue as it allows hackers to discover if a username or email exists. Ideally, regardless of whether the username or email exists, WordPress should display a generic message saying that ‘IF there is a matching user, an email will be sent’ – something like that anyway.

    I’ve been searching all day for a solution to this and it doesn’t seem like anything exists.

    Many thanks
    Kevin

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi @the_lar,

    There currently isn’t a feature like that. It does sound like a great idea though!

    I’ve passed this idea onto the team to see what they think about it.

    Dave

    Thread Starter the_lar

    (@the_lar)

    @wfdave, thanks for the reply… I thought that might be the case, as I said I have looked everywhere and can’t even find any hacks that achieve it, must be something that’s built into WordPress core I guess. I’d be interested to know if your team would consider it for a future release for sure.

    Kevin

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Disable error messages on lostpassword page – possible?’ is closed to new replies.