Displaying Passwords in Plain Text

  • Hi,

    Could I suggest the option to store failed logins, but without the password? I think it’s important to log failed logins, but I think it’s dangerous to log the attempted passwords in plain text.

    If the user has accidentally used a wrong password, but from a different legitimate account (i.e. tried their email account password instead of their WordPress one) it leaves the user open to abuse.

    Thanks,
    Tom

    https://www.ads-software.com/plugins/threewp-activity-monitor/

Viewing 2 replies - 1 through 2 (of 2 total)

  • Tom, this might be an available option, under admin settings. There are two listed as wp_login_failed. One says “Does not display the password.” Maybe you should try this option and uncheck the other?

    whoops, this is available with Plainview Activity Monitor. ThreeWP is listed now as obsolete and recommends that you use Plainview Activity Monitor instead. I think it’s the same author.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Displaying Passwords in Plain Text’ is closed to new replies.