User/Pass Invalid Entry Error in Login Security

[Young Master]

According to whats new in BPS Pro 5.8.2 I says that if you set User/Pass Invalid Entry Error as your security error messages option and if some tries to enter an invalid username or password it will display ERROR: Invalid Entry for either incorrect username or incorrect password. But after testing this feature by trying to enter an invalid password it only displayed ERROR: Invalid Entry. Lost your password? Is this how is supposed to display because according to your documentation you have explained that it will display ERROR: Invalid Entry for either incorrect username or incorrect password. So why displaying only ERROR: Invalid entry? Or Did I miss understood you?

[AITpro Admin]

You would need to also use the Password Reset:  Disable Password Reset option if you want to remove the Lost your Password link and disable password resetting capability.

To test enter this in your Browser since you will no longer see the Lost Password link.

/wp-login.php?action=lostpassword

[Bob]

Somewhat related, re: the same “ERROR: Invalid username. Lost your password?” message …

This message appears immediately on my sites upon visiting wp-login.php page, when I haven’t even yet typed in a username and password to attempt login … thus, one “incorrect” login attempt has been registered, if/when followed by a couple fat-finger mis-retries and I’m locked out.

Why does this happen/how can it be stopped?  No other login security plugins installed, just the base WP mechanism.  If I turn off BPS login security, the standard WP form appears without the error message.

Thanks!

Bob

[AITpro Admin]

Yep, we are aware of this issue and are looking into it further.  This happens when the login page link is pointing directly to the /wp-login.php file and does not occur when the /wp-admin path is used.

[Bob]

Super, thanks!

[Author]

Posts