Woo Reset Error Hidden

  • Resolved Bert O

    (@websitehelperberto)


    4 years ago

    We had customers report password resets were not working.

    Upon checking, their accounts had been deleted according to our retention period, however, WordFence seems to block the ‘Invalid username or email’ error notification which gives customers a clue that something is wrong when they are trying to reset their password. Not seeing this error message leaves customers confused.

    Under Additional Options, I have unticked ‘Don’t let WordPress reveal valid users in login errors’ which fixes the problem and displays the error message to users.

    Is there another way to deal with this or is disabling the option the only way?

Viewing 1 replies (of 1 total)
  • WFSupport

    (@wfsupport)

    4 years ago

    Thanks for reaching out. I’m not sure how you would change the option to fit your circumstance. Blocking login error messages is to avoid giving hackers any information about why they were blocked. The side effect, as you see, is that users aren’t told what went wrong. It’s definitely a balancing act, trying to protect the site while not causing users extra problems. In your case it sounds like disabling that option is the better choice.

    Tim

Viewing 1 replies (of 1 total)

The topic ‘Woo Reset Error Hidden’ is closed to new replies.