[Plugin: Login Lock] Mask login failure info to visitors?

That’s simple. Add the following to your theme functions.php file:

add_filter(
    'login_errors',
    function() {return 'Invalid Username and/or Password.';}
);

Cool, thanks for the tip ??

Guess what, my suggestion is not necessary. Now that I have login-lock installed, testing shows that the plugin is kind enough to produce a generic “Invalid username or password” error message.

That’s good to hear. Unfortunately it looks like a lot of people are having problems with it in WP 3.3, so I’ll have to wait until that’s fixed to make the switch.

Check out the fixes I posted at https://github.com/convissor/login-lock. It’s working well for me on 3.3.1.

That’s awesome, thanks for releasing that ??

Hey Daniel, kindly quit posting links to your fork in threads related to my plugin now that I fixed it. Thanks.

I just wanted to point out that Daniel released a new plugin called Login Security Solution to prevent brute force attacks that’s written from scratch. I like Login Lock better than some of the others, but I think Daniel’s plugin is the best one out there right now. I know he’s done a lot of security research and has designed the new plugin around the current best practices. He’s also been very responsive to the feedback I sent in.