Login Security Solution - Version 0.24.0

Version Description

Keep the password strength indicator from being enabled.
Narrow down when the password policy text filter is enabled.

Release Info

Developer	convissor
Plugin	Login Security Solution
Version	0.24.0
Comparing to
See all releases

Code changes from version 0.23.0 to 0.24.0

Files changed (3) hide show

languages/login-security-solution.pot +104 -104
login-security-solution.php +9 -7
readme.txt +62 -29

languages/login-security-solution.pot CHANGED Viewed

	@@ -2,10 +2,10 @@
2	# This file is distributed under the same license as the Login Security Solution package.
3	msgid ""
4	msgstr ""
5	- "Project-Id-Version: Login Security Solution 0.22.0\n"
6	"Report-Msgid-Bugs-To: http://wordpress.org/support/plugin/login-security-"
7	"solution\n"
8	- "POT-Creation-Date: 2012-08-17 00:42:14+00:00\n"
9	"MIME-Version: 1.0\n"
10	"Content-Type: text/plain; charset=UTF-8\n"
11	"Content-Transfer-Encoding: 8bit\n"
	@@ -13,308 +13,308 @@ msgstr ""
13	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14	"Language-Team: LANGUAGE <LL@li.org>\n"
15
16	- #: admin.php:~~113~~ admin.php:~~363~~
17	msgid "Settings"
18	msgstr ""
19
20	- #: admin.php:~~127~~
21	msgid "Change All Passwords"
22	msgstr ""
23
24	- #: admin.php:~~128~~
25	msgid "Do not remind me about this"
26	msgstr ""
27
28	- #: admin.php:~~129~~
29	msgid "Require All Passwords Be Changed"
30	msgstr ""
31
32	- #: admin.php:~~144~~
33	msgid ""
34	"%s must be activated via the Network Admin interface when WordPress is in "
35	"multistie network mode."
36	msgstr ""
37
38	- #: admin.php:~~250~~
39	msgid "Idle Timeout"
40	msgstr ""
41
42	- #: admin.php:~~251~~
43	msgid ""
44	"Close inactive sessions after this many minutes. 0 disables this feature."
45	msgstr ""
46
47	- #: admin.php:~~256~~
48	msgid "Maintenance Mode"
49	msgstr ""
50
51	- #: admin.php:~~257~~
52	msgid ""
53	"Disable logins from users who are not administrators and disable posting of "
54	"comments?"
55	msgstr ""
56
57	- #: admin.php:~~259~~
58	msgid "Off, let all users log in."
59	msgstr ""
60
61	- #: admin.php:~~260~~
62	msgid "On, disable comments and only let administrators log in."
63	msgstr ""
64
65	- #: admin.php:~~264~~
66	msgid "Deactivation"
67	msgstr ""
68
69	- #: admin.php:~~265~~
70	msgid ""
71	"Should deactivating the plugin remove all of the plugin's data and settings?"
72	msgstr ""
73
74	- #: admin.php:~~267~~
75	msgid "No, preserve the data for future use."
76	msgstr ""
77
78	- #: admin.php:~~268~~
79	msgid "Yes, delete the damn data."
80	msgstr ""
81
82	- #: admin.php:~~273~~
83	msgid "Match Time"
84	msgstr ""
85
86	- #: admin.php:~~274~~
87	msgid "How far back, in minutes, should login failures look for matching data?"
88	msgstr ""
89
90	- #: admin.php:~~279~~
91	msgid "Delay Tier 2"
92	msgstr ""
93
94	- #: admin.php:~~280~~
95	msgid ""
96	"How many matching login failures should it take to get into this (%d - %d "
97	"second) Delay Tier? Must be >= %d."
98	msgstr ""
99
100	- #: admin.php:~~286~~
101	msgid "Delay Tier 3"
102	msgstr ""
103
104	- #: admin.php:~~287~~
105	msgid ""
106	"How many matching login failures should it take to get into this (%d - %d "
107	"second) Delay Tier? Must be > Delay Tier 2."
108	msgstr ""
109
110	- #: admin.php:~~292~~
111	msgid "Notifications To"
112	msgstr ""
113
114	- #: admin.php:~~293~~
115	msgid ""
116	"The email address(es) the failure and breach notifications should be sent "
117	"to. For multiple addresses, separate them with commas. WordPress' "
118	"'admin_email' setting is used if none is provided here."
119	msgstr ""
120
121	- #: admin.php:~~298~~
122	msgid "Failure Notification"
123	msgstr ""
124
125	- #: admin.php:~~299~~
126	msgid ""
127	"Notify the administrator upon every x matching login failures. 0 disables "
128	"this feature."
129	msgstr ""
130
131	- #: admin.php:~~304~~
132	msgid "Breach Notification"
133	msgstr ""
134
135	- #: admin.php:~~305~~
136	msgid ""
137	"Notify the administrator if a successful login uses data matching x login "
138	"failures. 0 disables this feature."
139	msgstr ""
140
141	- #: admin.php:~~310~~
142	msgid "Breach Email Confirm"
143	msgstr ""
144
145	- #: admin.php:~~311~~
146	msgid ""
147	"If a successful login uses data matching x login failures, immediately log "
148	"the user out and require them to use WordPress' lost password process. 0 "
149	"disables this feature."
150	msgstr ""
151
152	- #: admin.php:~~317~~
153	msgid "Length"
154	msgstr ""
155
156	- #: admin.php:~~318~~
157	msgid "How long must passwords be? Must be >= %d."
158	msgstr ""
159
160	- #: admin.php:~~324~~
161	msgid "Complexity Exemption"
162	msgstr ""
163
164	- #: admin.php:~~325~~
165	msgid ""
166	"How long must passwords be to be exempt from the complexity requirements? "
167	"Must be >= %d."
168	msgstr ""
169
170	- #: admin.php:~~331~~
171	msgid "Aging"
172	msgstr ""
173
174	- #: admin.php:~~332~~
175	msgid ""
176	"How many days old can a password be before requiring it be changed? Not "
177	"recommended. 0 disables this feature."
178	msgstr ""
179
180	- #: admin.php:~~337~~
181	msgid "Grace Period"
182	msgstr ""
183
184	- #: admin.php:~~338~~
185	msgid ""
186	"How many minutes should a user have to change their password once they know "
187	"it has expired? Must be >= %d."
188	msgstr ""
189
190	- #: admin.php:~~344~~
191	msgid "History"
192	msgstr ""
193
194	- #: admin.php:~~345~~
195	msgid ""
196	"How many passwords should be remembered? Prevents reuse of old passwords. 0 "
197	"disables this feature."
198	msgstr ""
199
200	- #: admin.php:~~406~~
201	msgid "Login Failure Policies"
202	msgstr ""
203
204	- #: admin.php:~~412~~
205	msgid "Password Policies"
206	msgstr ""
207
208	- #: admin.php:~~418~~
209	msgid "Miscellaneous Policies"
210	msgstr ""
211
212	- #: admin.php:~~468~~
213	msgid ""
214	"This plugin stores the IP address, username and password for each failed log "
215	"in attempt."
216	msgstr ""
217
218	- #: admin.php:~~470~~
219	msgid ""
220	"The data from future login failures are compared against the historical data."
221	msgstr ""
222
223	- #: admin.php:~~472~~
224	msgid ""
225	"If any of the data points match, the plugin delays printing out the failure "
226	"message."
227	msgstr ""
228
229	- #: admin.php:~~474~~
230	msgid ""
231	"The goal is for the responses to take so long that the attackers give up and "
232	"go find an easier target."
233	msgstr ""
234
235	- #: admin.php:~~476~~
236	msgid "The length of the delay is broken up into three tiers."
237	msgstr ""
238
239	- #: admin.php:~~478~~
240	msgid "The amount of the delay increases in higher tiers."
241	msgstr ""
242
243	- #: admin.php:~~480~~
244	msgid ""
245	"The delay time within each tier is randomized to complicate profiling by "
246	"attackers."
247	msgstr ""
248
249	- #: admin.php:~~539~~ admin.php:~~554~~
250	msgid "Default:"
251	msgstr ""
252
253	- #: admin.php:~~578~~
254	msgid "must be >= '%s',"
255	msgstr ""
256
257	- #: admin.php:~~579~~
258	msgid "so we used the default value instead."
259	msgstr ""
260
261	- #: admin.php:~~612~~
262	msgid "must be an integer,"
263	msgstr ""
264
265	- #: admin.php:~~715~~
266	msgid "There may be cases where everyone's password should be reset."
267	msgstr ""
268
269	- #: admin.php:~~717~~
270	msgid "This page, provided by the %s plugin, offers that functionality."
271	msgstr ""
272
273	- #: admin.php:~~721~~
274	msgid ""
275	"Submitting this form sets a flag that forces all users to utilize WordPress' "
276	"built in password reset functionality."
277	msgstr ""
278
279	- #: admin.php:~~723~~
280	msgid ""
281	"Users who are presently logged in will be logged out the next time they view "
282	"a page that requires authentication."
283	msgstr ""
284
285	- #: admin.php:~~735~~
286	msgid ""
287	"Confirm that you want to force all users to change their passwords by "
288	"checking this box, then click the button, below."
289	msgstr ""
290
291	- #: admin.php:~~754~~
292	msgid "No thanks. I know what I'm doing. Please don't remind me about this."
293	msgstr ""
294
295	- #: admin.php:~~786~~
296	msgid ""
297	"You have checked a box that does not correspond with the button you pressed. "
298	"Please check and press buttons inside the same section."
299	msgstr ""
300
301	- #: admin.php:~~788~~
302	msgid ""
303	"Please confirm that you really want to do this. Put a check in the '%s' box "
304	"before hitting the submit button."
305	msgstr ""
306
307	- #: admin.php:~~804~~ admin.php:~~824~~
308	msgid "Success!"
309	msgstr ""
310
311	- #: admin.php:~~856~~
312	msgid ""
313	"WARNING: The site is in maintenance mode. DO NOT TOUCH ANYTHING! Your "
314	"changes may get overwritten!"
315	msgstr ""
316
317	- #: admin.php:~~880~~
318	msgid ""
319	"You have not asked your users to change their passwords since the plugin was "
320	"activated. Most users have weak passwords. This plugin's password policies "
	@@ -322,23 +322,23 @@ msgid ""
322	"everyone on the Internet by making all users pick new, strong, passwords."
323	msgstr ""
324
325	- #: admin.php:~~884~~
326	msgid ""
327	"Speaking of which, do YOU have a strong password? Make sure by changing "
328	"yours too."
329	msgstr ""
330
331	- #: admin.php:~~888~~
332	msgid ""
333	"The following link leads to a user interface where you can either require "
334	"all passwords to be reset or disable this notice."
335	msgstr ""
336
337	- #: admin.php:~~918~~
338	msgid "You do not have sufficient permissions to access this page."
339	msgstr ""
340
341	- #: admin.php:~~924~~
342	msgid "$user_ID variable not set. Another plugin is misbehaving."
343	msgstr ""
344
	@@ -398,22 +398,22 @@ msgstr ""
398	msgid "Please try again later."
399	msgstr ""
400
401	- #: login-security-solution.php:~~641~~
402	msgid ""
403	"The password should either be: A) at least %d characters long and contain "
404	- "upper and lower case letters ~~plus~~ ~~numbers~~ ~~and~~ ~~punctuation,~~ or B) at ~~least %d~~ "
405	- "characters long."
406	msgstr ""
407
408	- #: login-security-solution.php:~~675~~ tests/PasswordChangeTest.php:277
409	msgid "Passwords can not be reused."
410	msgstr ""
411
412	- #: login-security-solution.php:~~850~~
413	msgid "ERROR"
414	msgstr ""
415
416	- #: login-security-solution.php:~~987~~
417	msgid ""
418	"\n"
419	"Component Count Value from Current Attempt\n"
	@@ -423,22 +423,22 @@ msgid ""
423	"Password MD5 %5d %s\n"
424	msgstr ""
425
426	- #: login-security-solution.php:~~1822~~ login-security-solution.php:~~1859~~
427	msgid "POTENTIAL INTRUSION AT %s"
428	msgstr ""
429
430	- #: login-security-solution.php:~~1826~~
431	msgid "Your website, %s, may have been broken in to."
432	msgstr ""
433
434	- #: login-security-solution.php:~~1829~~
435	msgid ""
436	"Someone just logged in using the following components. Prior to that, some "
437	"combination of those components were a part of %d failed attempts to log in "
438	"during the past %d minutes:"
439	msgstr ""
440
441	- #: login-security-solution.php:~~1835~~
442	msgid ""
443	"The user's current IP address is one they have verified with your site in "
444	"the past. Therefore, the user will NOT be required to confirm their "
	@@ -446,105 +446,105 @@ msgid ""
446	"just in case this actually was a breach."
447	msgstr ""
448
449	- #: login-security-solution.php:~~1837~~
450	msgid ""
451	"The user has been logged out and will be required to confirm their identity "
452	"via the password reset functionality."
453	msgstr ""
454
455	- #: login-security-solution.php:~~1863~~
456	msgid ""
457	"Someone just logged into your '%s' account at %s. Was it you that logged "
458	"in? We are asking because the site is being attacked."
459	msgstr ""
460
461	- #: login-security-solution.php:~~1864~~
462	msgid "IF IT WAS NOT YOU, please do the following right away:"
463	msgstr ""
464
465	- #: login-security-solution.php:~~1865~~
466	msgid "1) Log into %s and change your password."
467	msgstr ""
468
469	- #: login-security-solution.php:~~1866~~
470	msgid "2) Send an email to %s letting them know it was not you who logged in."
471	msgstr ""
472
473	- #: login-security-solution.php:~~1892~~
474	msgid "ATTACK HAPPENING TO %s"
475	msgstr ""
476
477	- #: login-security-solution.php:~~1896~~
478	msgid "Your website, %s, is undergoing a brute force attack."
479	msgstr ""
480
481	- #: login-security-solution.php:~~1899~~
482	msgid ""
483	"There have been at least %d failed attempts to log in during the past %d "
484	"minutes that used one or more of the following components:"
485	msgstr ""
486
487	- #: login-security-solution.php:~~1904~~
488	msgid ""
489	"The %s plugin for WordPress is repelling the attack by making their login "
490	"failures take a very long time."
491	msgstr ""
492
493	- #: login-security-solution.php:~~2265~~ tests/PasswordValidationTest.php:~~450~~
494	msgid "Password not set."
495	msgstr ""
496
497	- #: login-security-solution.php:~~2280~~ tests/PasswordValidationTest.php:~~461~~
498	msgid "Passwords must be strings."
499	msgstr ""
500
501	- #: login-security-solution.php:~~2298~~ tests/PasswordValidationTest.php:~~474~~
502	msgid "Passwords must use ASCII characters."
503	msgstr ""
504
505	- #: login-security-solution.php:~~2317~~ tests/PasswordChangeTest.php:310
506	- #: tests/PasswordValidationTest.php:~~491~~ tests/PasswordValidationTest.php:~~505~~
507	msgid "Password is too short."
508	msgstr ""
509
510	- #: login-security-solution.php:~~2326~~ tests/PasswordValidationTest.php:~~531~~
511	msgid "Passwords must either contain numbers or be %d characters long."
512	msgstr ""
513
514	- #: login-security-solution.php:~~2335~~ tests/PasswordValidationTest.php:~~518~~
515	msgid ""
516	"Passwords must either contain punctuation marks / symbols or be %d "
517	"characters long."
518	msgstr ""
519
520	- #: login-security-solution.php:~~2344~~ tests/PasswordValidationTest.php:~~544~~
521	msgid ""
522	"Passwords must either contain upper-case and lower-case letters or be %d "
523	"characters long."
524	msgstr ""
525
526	- #: login-security-solution.php:~~2354~~ tests/PasswordValidationTest.php:~~557~~
527	msgid "Passwords can't be sequential keys."
528	msgstr ""
529
530	- #: login-security-solution.php:~~2363~~ tests/PasswordValidationTest.php:~~570~~
531	msgid "Passwords can't have that many sequential characters."
532	msgstr ""
533
534	- #: login-security-solution.php:~~2379~~ tests/PasswordValidationTest.php:~~583~~
535	- #: tests/PasswordValidationTest.php:~~596~~
536	msgid "Passwords can't contain user data."
537	msgstr ""
538
539	- #: login-security-solution.php:~~2390~~ tests/PasswordValidationTest.php:~~609~~
540	msgid "Passwords can't contain site info."
541	msgstr ""
542
543	- #: login-security-solution.php:~~2399~~ tests/PasswordValidationTest.php:~~622~~
544	msgid "Password is too common."
545	msgstr ""
546
547	- #: login-security-solution.php:~~2408~~ tests/PasswordValidationTest.php:~~638~~
548	msgid "Passwords can't be variations of dictionary words."
549	msgstr ""
550


2	# This file is distributed under the same license as the Login Security Solution package.
3	msgid ""
4	msgstr ""
5	+ "Project-Id-Version: Login Security Solution 0.24.0\n"
6	"Report-Msgid-Bugs-To: http://wordpress.org/support/plugin/login-security-"
7	"solution\n"
8	+ "POT-Creation-Date: 2012-08-29 04:18:39+00:00\n"
9	"MIME-Version: 1.0\n"
10	"Content-Type: text/plain; charset=UTF-8\n"
11	"Content-Transfer-Encoding: 8bit\n"

13	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
14	"Language-Team: LANGUAGE <LL@li.org>\n"
15
16	+ #: admin.php:112 admin.php:362
17	msgid "Settings"
18	msgstr ""
19
20	+ #: admin.php:126
21	msgid "Change All Passwords"
22	msgstr ""
23
24	+ #: admin.php:127
25	msgid "Do not remind me about this"
26	msgstr ""
27
28	+ #: admin.php:128
29	msgid "Require All Passwords Be Changed"
30	msgstr ""
31
32	+ #: admin.php:143
33	msgid ""
34	"%s must be activated via the Network Admin interface when WordPress is in "
35	"multistie network mode."
36	msgstr ""
37
38	+ #: admin.php:249
39	msgid "Idle Timeout"
40	msgstr ""
41
42	+ #: admin.php:250
43	msgid ""
44	"Close inactive sessions after this many minutes. 0 disables this feature."
45	msgstr ""
46
47	+ #: admin.php:255
48	msgid "Maintenance Mode"
49	msgstr ""
50
51	+ #: admin.php:256
52	msgid ""
53	"Disable logins from users who are not administrators and disable posting of "
54	"comments?"
55	msgstr ""
56
57	+ #: admin.php:258
58	msgid "Off, let all users log in."
59	msgstr ""
60
61	+ #: admin.php:259
62	msgid "On, disable comments and only let administrators log in."
63	msgstr ""
64
65	+ #: admin.php:263
66	msgid "Deactivation"
67	msgstr ""
68
69	+ #: admin.php:264
70	msgid ""
71	"Should deactivating the plugin remove all of the plugin's data and settings?"
72	msgstr ""
73
74	+ #: admin.php:266
75	msgid "No, preserve the data for future use."
76	msgstr ""
77
78	+ #: admin.php:267
79	msgid "Yes, delete the damn data."
80	msgstr ""
81
82	+ #: admin.php:272
83	msgid "Match Time"
84	msgstr ""
85
86	+ #: admin.php:273
87	msgid "How far back, in minutes, should login failures look for matching data?"
88	msgstr ""
89
90	+ #: admin.php:278
91	msgid "Delay Tier 2"
92	msgstr ""
93
94	+ #: admin.php:279
95	msgid ""
96	"How many matching login failures should it take to get into this (%d - %d "
97	"second) Delay Tier? Must be >= %d."
98	msgstr ""
99
100	+ #: admin.php:285
101	msgid "Delay Tier 3"
102	msgstr ""
103
104	+ #: admin.php:286
105	msgid ""
106	"How many matching login failures should it take to get into this (%d - %d "
107	"second) Delay Tier? Must be > Delay Tier 2."
108	msgstr ""
109
110	+ #: admin.php:291
111	msgid "Notifications To"
112	msgstr ""
113
114	+ #: admin.php:292
115	msgid ""
116	"The email address(es) the failure and breach notifications should be sent "
117	"to. For multiple addresses, separate them with commas. WordPress' "
118	"'admin_email' setting is used if none is provided here."
119	msgstr ""
120
121	+ #: admin.php:297
122	msgid "Failure Notification"
123	msgstr ""
124
125	+ #: admin.php:298
126	msgid ""
127	"Notify the administrator upon every x matching login failures. 0 disables "
128	"this feature."
129	msgstr ""
130
131	+ #: admin.php:303
132	msgid "Breach Notification"
133	msgstr ""
134
135	+ #: admin.php:304
136	msgid ""
137	"Notify the administrator if a successful login uses data matching x login "
138	"failures. 0 disables this feature."
139	msgstr ""
140
141	+ #: admin.php:309
142	msgid "Breach Email Confirm"
143	msgstr ""
144
145	+ #: admin.php:310
146	msgid ""
147	"If a successful login uses data matching x login failures, immediately log "
148	"the user out and require them to use WordPress' lost password process. 0 "
149	"disables this feature."
150	msgstr ""
151
152	+ #: admin.php:316
153	msgid "Length"
154	msgstr ""
155
156	+ #: admin.php:317
157	msgid "How long must passwords be? Must be >= %d."
158	msgstr ""
159
160	+ #: admin.php:323
161	msgid "Complexity Exemption"
162	msgstr ""
163
164	+ #: admin.php:324
165	msgid ""
166	"How long must passwords be to be exempt from the complexity requirements? "
167	"Must be >= %d."
168	msgstr ""
169
170	+ #: admin.php:330
171	msgid "Aging"
172	msgstr ""
173
174	+ #: admin.php:331
175	msgid ""
176	"How many days old can a password be before requiring it be changed? Not "
177	"recommended. 0 disables this feature."
178	msgstr ""
179
180	+ #: admin.php:336
181	msgid "Grace Period"
182	msgstr ""
183
184	+ #: admin.php:337
185	msgid ""
186	"How many minutes should a user have to change their password once they know "
187	"it has expired? Must be >= %d."
188	msgstr ""
189
190	+ #: admin.php:343
191	msgid "History"
192	msgstr ""
193
194	+ #: admin.php:344
195	msgid ""
196	"How many passwords should be remembered? Prevents reuse of old passwords. 0 "
197	"disables this feature."
198	msgstr ""
199
200	+ #: admin.php:405
201	msgid "Login Failure Policies"
202	msgstr ""
203
204	+ #: admin.php:411
205	msgid "Password Policies"
206	msgstr ""
207
208	+ #: admin.php:417
209	msgid "Miscellaneous Policies"
210	msgstr ""
211
212	+ #: admin.php:467
213	msgid ""
214	"This plugin stores the IP address, username and password for each failed log "
215	"in attempt."
216	msgstr ""
217
218	+ #: admin.php:469
219	msgid ""
220	"The data from future login failures are compared against the historical data."
221	msgstr ""
222
223	+ #: admin.php:471
224	msgid ""
225	"If any of the data points match, the plugin delays printing out the failure "
226	"message."
227	msgstr ""
228
229	+ #: admin.php:473
230	msgid ""
231	"The goal is for the responses to take so long that the attackers give up and "
232	"go find an easier target."
233	msgstr ""
234
235	+ #: admin.php:475
236	msgid "The length of the delay is broken up into three tiers."
237	msgstr ""
238
239	+ #: admin.php:477
240	msgid "The amount of the delay increases in higher tiers."
241	msgstr ""
242
243	+ #: admin.php:479
244	msgid ""
245	"The delay time within each tier is randomized to complicate profiling by "
246	"attackers."
247	msgstr ""
248
249	+ #: admin.php:538 admin.php:553
250	msgid "Default:"
251	msgstr ""
252
253	+ #: admin.php:577
254	msgid "must be >= '%s',"
255	msgstr ""
256
257	+ #: admin.php:578
258	msgid "so we used the default value instead."
259	msgstr ""
260
261	+ #: admin.php:611
262	msgid "must be an integer,"
263	msgstr ""
264
265	+ #: admin.php:714
266	msgid "There may be cases where everyone's password should be reset."
267	msgstr ""
268
269	+ #: admin.php:716
270	msgid "This page, provided by the %s plugin, offers that functionality."
271	msgstr ""
272
273	+ #: admin.php:720
274	msgid ""
275	"Submitting this form sets a flag that forces all users to utilize WordPress' "
276	"built in password reset functionality."
277	msgstr ""
278
279	+ #: admin.php:722
280	msgid ""
281	"Users who are presently logged in will be logged out the next time they view "
282	"a page that requires authentication."
283	msgstr ""
284
285	+ #: admin.php:734
286	msgid ""
287	"Confirm that you want to force all users to change their passwords by "
288	"checking this box, then click the button, below."
289	msgstr ""
290
291	+ #: admin.php:753
292	msgid "No thanks. I know what I'm doing. Please don't remind me about this."
293	msgstr ""
294
295	+ #: admin.php:785
296	msgid ""
297	"You have checked a box that does not correspond with the button you pressed. "
298	"Please check and press buttons inside the same section."
299	msgstr ""
300
301	+ #: admin.php:787
302	msgid ""
303	"Please confirm that you really want to do this. Put a check in the '%s' box "
304	"before hitting the submit button."
305	msgstr ""
306
307	+ #: admin.php:803 admin.php:823
308	msgid "Success!"
309	msgstr ""
310
311	+ #: admin.php:855
312	msgid ""
313	"WARNING: The site is in maintenance mode. DO NOT TOUCH ANYTHING! Your "
314	"changes may get overwritten!"
315	msgstr ""
316
317	+ #: admin.php:879
318	msgid ""
319	"You have not asked your users to change their passwords since the plugin was "
320	"activated. Most users have weak passwords. This plugin's password policies "

322	"everyone on the Internet by making all users pick new, strong, passwords."
323	msgstr ""
324
325	+ #: admin.php:883
326	msgid ""
327	"Speaking of which, do YOU have a strong password? Make sure by changing "
328	"yours too."
329	msgstr ""
330
331	+ #: admin.php:887
332	msgid ""
333	"The following link leads to a user interface where you can either require "
334	"all passwords to be reset or disable this notice."
335	msgstr ""
336
337	+ #: admin.php:917
338	msgid "You do not have sufficient permissions to access this page."
339	msgstr ""
340
341	+ #: admin.php:923
342	msgid "$user_ID variable not set. Another plugin is misbehaving."
343	msgstr ""
344

398	msgid "Please try again later."
399	msgstr ""
400
401	+ #: login-security-solution.php:643
402	msgid ""
403	"The password should either be: A) at least %d characters long and contain "
404	+ "upper and lower case letters (except languages that only have one case) plus "
405	+ "numbers and punctuation, or B) at least %d characters long."
406	msgstr ""
407
408	+ #: login-security-solution.php:677 tests/PasswordChangeTest.php:277
409	msgid "Passwords can not be reused."
410	msgstr ""
411
412	+ #: login-security-solution.php:852
413	msgid "ERROR"
414	msgstr ""
415
416	+ #: login-security-solution.php:989
417	msgid ""
418	"\n"
419	"Component Count Value from Current Attempt\n"

423	"Password MD5 %5d %s\n"
424	msgstr ""
425
426	+ #: login-security-solution.php:1805 login-security-solution.php:1842
427	msgid "POTENTIAL INTRUSION AT %s"
428	msgstr ""
429
430	+ #: login-security-solution.php:1809
431	msgid "Your website, %s, may have been broken in to."
432	msgstr ""
433
434	+ #: login-security-solution.php:1812
435	msgid ""
436	"Someone just logged in using the following components. Prior to that, some "
437	"combination of those components were a part of %d failed attempts to log in "
438	"during the past %d minutes:"
439	msgstr ""
440
441	+ #: login-security-solution.php:1818
442	msgid ""
443	"The user's current IP address is one they have verified with your site in "
444	"the past. Therefore, the user will NOT be required to confirm their "

446	"just in case this actually was a breach."
447	msgstr ""
448
449	+ #: login-security-solution.php:1820
450	msgid ""
451	"The user has been logged out and will be required to confirm their identity "
452	"via the password reset functionality."
453	msgstr ""
454
455	+ #: login-security-solution.php:1846
456	msgid ""
457	"Someone just logged into your '%s' account at %s. Was it you that logged "
458	"in? We are asking because the site is being attacked."
459	msgstr ""
460
461	+ #: login-security-solution.php:1847
462	msgid "IF IT WAS NOT YOU, please do the following right away:"
463	msgstr ""
464
465	+ #: login-security-solution.php:1848
466	msgid "1) Log into %s and change your password."
467	msgstr ""
468
469	+ #: login-security-solution.php:1849
470	msgid "2) Send an email to %s letting them know it was not you who logged in."
471	msgstr ""
472
473	+ #: login-security-solution.php:1875
474	msgid "ATTACK HAPPENING TO %s"
475	msgstr ""
476
477	+ #: login-security-solution.php:1879
478	msgid "Your website, %s, is undergoing a brute force attack."
479	msgstr ""
480
481	+ #: login-security-solution.php:1882
482	msgid ""
483	"There have been at least %d failed attempts to log in during the past %d "
484	"minutes that used one or more of the following components:"
485	msgstr ""
486
487	+ #: login-security-solution.php:1887
488	msgid ""
489	"The %s plugin for WordPress is repelling the attack by making their login "
490	"failures take a very long time."
491	msgstr ""
492
493	+ #: login-security-solution.php:2294 tests/PasswordValidationTest.php:483
494	msgid "Password not set."
495	msgstr ""
496
497	+ #: login-security-solution.php:2309 tests/PasswordValidationTest.php:494
498	msgid "Passwords must be strings."
499	msgstr ""
500
501	+ #: login-security-solution.php:2327 tests/PasswordValidationTest.php:507
502	msgid "Passwords must use ASCII characters."
503	msgstr ""
504
505	+ #: login-security-solution.php:2346 tests/PasswordChangeTest.php:310
506	+ #: tests/PasswordValidationTest.php:524 tests/PasswordValidationTest.php:538
507	msgid "Password is too short."
508	msgstr ""
509
510	+ #: login-security-solution.php:2355 tests/PasswordValidationTest.php:564
511	msgid "Passwords must either contain numbers or be %d characters long."
512	msgstr ""
513
514	+ #: login-security-solution.php:2364 tests/PasswordValidationTest.php:551
515	msgid ""
516	"Passwords must either contain punctuation marks / symbols or be %d "
517	"characters long."
518	msgstr ""
519
520	+ #: login-security-solution.php:2373 tests/PasswordValidationTest.php:577
521	msgid ""
522	"Passwords must either contain upper-case and lower-case letters or be %d "
523	"characters long."
524	msgstr ""
525
526	+ #: login-security-solution.php:2383 tests/PasswordValidationTest.php:590
527	msgid "Passwords can't be sequential keys."
528	msgstr ""
529
530	+ #: login-security-solution.php:2392 tests/PasswordValidationTest.php:603
531	msgid "Passwords can't have that many sequential characters."
532	msgstr ""
533
534	+ #: login-security-solution.php:2408 tests/PasswordValidationTest.php:616
535	+ #: tests/PasswordValidationTest.php:629
536	msgid "Passwords can't contain user data."
537	msgstr ""
538
539	+ #: login-security-solution.php:2419 tests/PasswordValidationTest.php:642
540	msgid "Passwords can't contain site info."
541	msgstr ""
542
543	+ #: login-security-solution.php:2428 tests/PasswordValidationTest.php:655
544	msgid "Password is too common."
545	msgstr ""
546
547	+ #: login-security-solution.php:2437 tests/PasswordValidationTest.php:671
548	msgid "Passwords can't be variations of dictionary words."
549	msgstr ""
550

	@@ -6,7 +6,7 @@
6	* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
7	*
8	* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
9	- * Version: 0.23.0
10	* Author: Daniel Convissor
11	* Author URI: http://www.analysisandsolutions.com/
12	* License: GPLv2
	@@ -189,9 +189,7 @@ class login_security_solution {
189	add_action('user_profile_update_errors',
190	array(&$this, 'user_profile_update_errors'), 999, 3);
191
192	- add_action('~~personal_options~~', array(&$this, '~~pw_policy_add_filter~~'));
193	- add_action('user_new_form_tag', array(&$this, 'pw_policy_add_filter'));
194	- add_action('login_init', array(&$this, 'pw_policy_add_filter'));
195
196	add_filter('login_errors', array(&$this, 'login_errors'));
197	add_filter('login_message', array(&$this, 'login_message'));
	@@ -231,6 +229,8 @@ class login_security_solution {
231	add_action($admin_menu, array(&$admin, 'admin_menu'));
232	add_action('admin_init', array(&$admin, 'admin_init'));
233	add_filter($plugin_action_links, array(&$admin, 'plugin_action_links'));


234
235	if ($this->options['disable_logins']) {
236	add_action('admin_notices', array(&$admin, 'admin_notices_disable_logins'));
	@@ -610,15 +610,17 @@ class login_security_solution {
610	}
611
612	/**
613	- * Declares our password policy gettext filter

614	*
615	* NOTE: This method is automatically called by WordPress
616	* on the wp-login.php, user-new.php, and user-edit.php pages.
617	*
618	* @return void
619	*/
620	- public function ~~pw_policy_add_filter~~() {
621	add_filter('gettext', array(&$this, 'pw_policy_rewrite'), 11, 2);

622	}
623
624	/**
	@@ -638,7 +640,7 @@ class login_security_solution {
638	$policy = 'Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).';
639
640	if ($original == $policy) {
641	- $translated = sprintf(__("The password should either be: A) at least %d characters long and contain upper and lower case letters plus numbers and punctuation, or B) at least %d characters long.", self::ID), $this->options['pw_length'], $this->options['pw_complexity_exemption_length']);
642	}
643
644	return $translated;


6	* Description: Requires very strong passwords, repels brute force login attacks, prevents login information disclosures, expires idle sessions, notifies admins of attacks and breaches, permits administrators to disable logins for maintenance or emergency reasons and reset all passwords.
7	*
8	* Plugin URI: http://wordpress.org/extend/plugins/login-security-solution/
9	+ * Version: 0.24.0
10	* Author: Daniel Convissor
11	* Author URI: http://www.analysisandsolutions.com/
12	* License: GPLv2

189	add_action('user_profile_update_errors',
190	array(&$this, 'user_profile_update_errors'), 999, 3);
191
192	+ add_action('login_form_resetpass', array(&$this, 'pw_policy_establish'));


193
194	add_filter('login_errors', array(&$this, 'login_errors'));
195	add_filter('login_message', array(&$this, 'login_message'));

229	add_action($admin_menu, array(&$admin, 'admin_menu'));
230	add_action('admin_init', array(&$admin, 'admin_init'));
231	add_filter($plugin_action_links, array(&$admin, 'plugin_action_links'));
232	+ add_action('personal_options', array(&$admin, 'pw_policy_establish'));
233	+ add_action('user_new_form_tag', array(&$admin, 'pw_policy_establish'));
234
235	if ($this->options['disable_logins']) {
236	add_action('admin_notices', array(&$admin, 'admin_notices_disable_logins'));

610	}
611
612	/**
613	+ * Declares our password policy gettext filter and deactivates the
614	+ * password strength indicator script
615	*
616	* NOTE: This method is automatically called by WordPress
617	* on the wp-login.php, user-new.php, and user-edit.php pages.
618	*
619	* @return void
620	*/
621	+ public function pw_policy_establish() {
622	add_filter('gettext', array(&$this, 'pw_policy_rewrite'), 11, 2);
623	+ wp_deregister_script('password-strength-meter');
624	}
625
626	/**

640	$policy = 'Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).';
641
642	if ($original == $policy) {
643	+ $translated = sprintf($this->hsc_utf8(__("The password should either be: A) at least %d characters long and contain upper and lower case letters (except languages that only have one case) plus numbers and punctuation, or B) at least %d characters long.", self::ID)), $this->options['pw_length'], $this->options['pw_complexity_exemption_length']);
644	}
645
646	return $translated;

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=danie
4	Tags: login, password, passwords, strength, strong, strong passwords, password strength, idle, timeout, maintenance, security, attack, hack, lock, lockdown, ban, brute force, brute, force, authentication, auth, cookie, users
5	Requires at least: 3.3
6	Tested up to: 3.4.1
7	- Stable tag: 0.23.0
8
9	Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.
10
	@@ -38,7 +38,9 @@ The tests have caught every password dictionary entry I've tried.
38	+ Doesn't match blog info
39	+ Doesn't match user data
40	+ Must either have numbers, punctuation, upper and lower case characters
41	- or be very long


42	+ Non-sequential codepoints
43	+ Non-sequential keystrokes (custom sequence files can be added)
44	+ Not in the password dictionary files you've provided (if any)
	@@ -71,6 +73,8 @@ The tests have caught every password dictionary entry I've tried.
71	= Improvements Over Similar WordPress Plugins =
72
73	* Multisite network support


74	* Takes security seriously so the plugin itself does not open your site
75	to SQL, HTML, or header injection vulnerabilities
76	* Notice-free code means no information disclosures if `display_errors`
	@@ -82,7 +86,6 @@ The tests have caught every password dictionary entry I've tried.
82	* Uses WordPress' features rather than fighting or overriding them
83	* No advertising, promotions, or beacons
84	* Proper internationalization support
85	- * Monitors auth cookie failures
86	* Clean, documented code
87	* Unit tests covering 100% of the main class
88	* Internationalized unit tests
	@@ -90,14 +93,22 @@ The tests have caught every password dictionary entry I've tried.
90	For reference, the similar plugins include:
91
92	* [Better WP Security](http://wordpress.org/extend/plugins/better-wp-security/)

93	* [Login Lock](http://wordpress.org/extend/plugins/login-lock/)

94	* [PMC Lockdown](http://wordpress.org/extend/plugins/pmc-lockdown/)
95	* [Simple Login Lockdown](http://wordpress.org/extend/plugins/simple-login-lockdown/)
96
97






98	= Translations =
99
100	- * Français, français (French, France) (fr_FR) by mermouy
101
102
103	= Securing Your WordPress Site is Important =
	@@ -122,10 +133,24 @@ clients and friends. Oh, and if the attack involves malware, that malware
122	has probably gotten itself into your computer.
123
124
125	- = ~~Compatability~~ ~~with~~ ~~Other~~ ~~Plugins~~ =
126
127	- ~~Some~~ ~~plugins~~ ~~provide~~ ~~similar~~ ~~functionality. These~~ ~~overlaps~~ ~~can~~ ~~lead to~~
128	- ~~conflicts~~ ~~during~~ ~~program~~ ~~execution~~. ~~Please~~ ~~read~~ ~~the~~ ~~FAQ!~~














129
130
131	== Installation ==
	@@ -317,6 +342,10 @@ implementation, use the script I made for generating all of the .mo files:
317
318	== Changelog ==
319




320	= 0.23.0 =
321	* Split user and site info into components before comparing them.
322	* Increase minimum password length to 10 characters.
	@@ -325,7 +354,8 @@ implementation, use the script I made for generating all of the .mo files:
325	* Track a given IP, user name, password combination only once.
326	* Prevent "not a valid MySQL-Link resource" on auth cookie failure.
327	* Increase default value of login_fail_notify from 20 to 50.
328	- * Add partial French translation. Settings page needs doing. Thanks ~~mermouy!~~

329
330	= 0.21.0 =
331	* Fix is_pw_outside_ascii() to permit spaces.
	@@ -358,19 +388,23 @@ the failure and breach notifications get sent to. (Request #1560)
358	against their user name.
359
360	= 0.17.0 =
361	- * Fix network IP query in get_login_fail(). (Bug #1553, ~~deanmarktaylor)~~
362	- * Rename files holding expected test results. ~~(Bug #1552,~~ deanmarktaylor)


363
364	= 0.16.0 =
365	* Have shell script gracefully handle value already being the desired value.
366
367	= 0.15.0 =
368	* Log auth cookie failures too.
369	- * Clean up sleep logic. (Bug #1549, ~~deanmarktaylor)~~

370
371	= 0.14.0 =
372	* Fix emails being mistakenly sent in multisite mode that say "There have
373	- been at least 0 failed attempts to log in". (Bug #1548, ~~deanmarktaylor)~~

374	* Add an `.htaccess` file that blocks access to this plugin's directory.
375
376	= 0.13.0 =
	@@ -381,7 +415,7 @@ command line.
381	* Display a notice on top of admin pages when our maintenance mode is enabled.
382
383	= 0.11.0 =
384	- * Use POST value for `$user_name` in `login_errors()` because global value
385	isn't always set.
386	* Add some more (commented out) log() calls to help users help me help them.
387
	@@ -476,30 +510,17 @@ problems under PHP 5.4.
476	* Tested under WordPress 3.3.1.
477
478
479	- == To Do ==
480	-
481	- * Delete old data in the `fail` table.
482	- * Add some JS/AJAX magic to make users' lives easier by also validating
483	- passwords on the front end prior to submission. Patches welcome!
484	-
485	-
486	- == Bugs and Feature Requests ==
487	-
488	- Report bugs and submit feature requests by opening a ticket in WordPress'
489	- [plugins Trac website](https://plugins.trac.wordpress.org/newticket?component=login-security-solution).
490	-
491	- You can also [view our existing tickets](https://plugins.trac.wordpress.org/query?status=assigned&status=closed&status=new&status=reopened&component=login-security-solution&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=component&desc=1&order=id) there.
492
493	-
494	- == Inspiration and References ==
495
496	* Password Research

497	+ [You can never have too many passwords: techniques for evaluating a huge corpus](http://www.cl.cam.ac.uk/~jcb82/doc/B12-IEEESP-evaluating_a_huge_password_corpus.pdf), Joseph Bonneau
498	+ [Analyzing Password Strength](http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf), Martin Devillers
499	+ [Consumer Password Worst Practices](http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf), Imperva
500	+ [Preventing Brute Force Attacks on your Web Login](http://www.bryanrite.com/preventing-brute-force-attacks-on-your-web-login/), Bryan Rite
501	+ [Password Strength](http://xkcd.com/936/), Randall Munroe
502	- + [Why passwords have never been weaker -- and crackers have never been stronger](http://arstechnica.com/security/2012/08/passwords-under-assault/), Dan Goodin
503
504	* Technical Info
505	+ [The Extreme UTF-8 Table](http://doc.infosnel.nl/extreme_utf-8.html), infosnel.nl
	@@ -509,3 +530,15 @@ You can also [view our existing tickets](https://plugins.trac.wordpress.org/quer
509	+ [Dazzlepod Password List](http://dazzlepod.com/site_media/txt/passwords.txt), Dazzlepod
510	+ [Common Passwords](http://www.searchlores.org/commonpass1.htm), Fravia
511	+ [The Top 500 Worst Passwords of All Time](http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time), Mark Burnett


4	Tags: login, password, passwords, strength, strong, strong passwords, password strength, idle, timeout, maintenance, security, attack, hack, lock, lockdown, ban, brute force, brute, force, authentication, auth, cookie, users
5	Requires at least: 3.3
6	Tested up to: 3.4.1
7	+ Stable tag: 0.24.0
8
9	Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.
10

38	+ Doesn't match blog info
39	+ Doesn't match user data
40	+ Must either have numbers, punctuation, upper and lower case characters
41	+ or be very long. Note: alphabets with only one case (e.g. Arabic,
42	+ Hebrew, etc.) are automatically exempted from the upper/lower case
43	+ requirement.
44	+ Non-sequential codepoints
45	+ Non-sequential keystrokes (custom sequence files can be added)
46	+ Not in the password dictionary files you've provided (if any)

73	= Improvements Over Similar WordPress Plugins =
74
75	* Multisite network support
76	+ * Monitors auth cookies for bad user names and hashes
77	+ * Adjusts WordPress' password policy user interfaces
78	* Takes security seriously so the plugin itself does not open your site
79	to SQL, HTML, or header injection vulnerabilities
80	* Notice-free code means no information disclosures if `display_errors`

86	* Uses WordPress' features rather than fighting or overriding them
87	* No advertising, promotions, or beacons
88	* Proper internationalization support

89	* Clean, documented code
90	* Unit tests covering 100% of the main class
91	* Internationalized unit tests

93	For reference, the similar plugins include:
94
95	* [Better WP Security](http://wordpress.org/extend/plugins/better-wp-security/)
96	+ * [Limit Login Attempts](http://wordpress.org/extend/plugins/limit-login-attempts/)
97	* [Login Lock](http://wordpress.org/extend/plugins/login-lock/)
98	+ * [Login LockDown](http://wordpress.org/extend/plugins/login-lockdown/)
99	* [PMC Lockdown](http://wordpress.org/extend/plugins/pmc-lockdown/)
100	* [Simple Login Lockdown](http://wordpress.org/extend/plugins/simple-login-lockdown/)
101
102
103	+ = Compatability with Other Plugins =
104	+
105	+ Some plugins provide similar functionality. These overlaps can lead to
106	+ conflicts during program execution. Please read the FAQ!
107	+
108	+
109	= Translations =
110
111	+ * Français, français (French, France) (fr_FR) by [mermouy](http://wordpress.org/support/profile/mermouy)
112
113
114	= Securing Your WordPress Site is Important =

133	has probably gotten itself into your computer.
134
135
136	+ = Why Strong, Unique Passwords Are Important =
137
138	+ Yeah, creating, storing/remembering, and using a _different_, _strong_
139	+ password for each site you use is a hassle. _But it is absolutely
140	+ necessary._
141	+
142	+ Password lists get stolen on a regular basis from big name sites (like
143	+ Linkedin for example!). Criminals then have unlimited time to decode the
144	+ passwords. In general, 50% of those passwords are so weak they get figured
145	+ out in a matter of seconds. Plus there are computers on the Internet
146	+ dedicated to pounding the sites with login attempts, hoping to get lucky.
147	+
148	+ Many people use the same password for multiple sites. Once an attacker
149	+ figures out your password on one site, they'll try it on your accounts at
150	+ other sites. It gets ugly very fast.
151	+
152	+ But don't despair! There are good, free tools that make doing the right
153	+ thing a piece of cake. For example, [KeePass](http://keepass.info/).
154
155
156	== Installation ==

342
343	== Changelog ==
344
345	+ = 0.24.0 =
346	+ * Keep the password strength indicator from being enabled.
347	+ * Narrow down when the password policy text filter is enabled.
348	+
349	= 0.23.0 =
350	* Split user and site info into components before comparing them.
351	* Increase minimum password length to 10 characters.

354	* Track a given IP, user name, password combination only once.
355	* Prevent "not a valid MySQL-Link resource" on auth cookie failure.
356	* Increase default value of login_fail_notify from 20 to 50.
357	+ * Add partial French translation. Settings page needs doing. Thanks
358	+ [mermouy](http://wordpress.org/support/profile/mermouy)!
359
360	= 0.21.0 =
361	* Fix is_pw_outside_ascii() to permit spaces.

388	against their user name.
389
390	= 0.17.0 =
391	+ * Fix network IP query in get_login_fail(). (Bug #1553,
392	+ [deanmarktaylor](http://wordpress.org/support/profile/deanmarktaylor))
393	+ * Rename files holding expected test results. (Bug #1552,
394	+ [deanmarktaylor](http://wordpress.org/support/profile/deanmarktaylor))
395
396	= 0.16.0 =
397	* Have shell script gracefully handle value already being the desired value.
398
399	= 0.15.0 =
400	* Log auth cookie failures too.
401	+ * Clean up sleep logic. (Bug #1549,
402	+ [deanmarktaylor](http://wordpress.org/support/profile/deanmarktaylor))
403
404	= 0.14.0 =
405	* Fix emails being mistakenly sent in multisite mode that say "There have
406	+ been at least 0 failed attempts to log in". (Bug #1548,
407	+ [deanmarktaylor](http://wordpress.org/support/profile/deanmarktaylor))
408	* Add an `.htaccess` file that blocks access to this plugin's directory.
409
410	= 0.13.0 =

415	* Display a notice on top of admin pages when our maintenance mode is enabled.
416
417	= 0.11.0 =
418	+ * Use `POST` value for `$user_name` in `login_errors()` because global value
419	isn't always set.
420	* Add some more (commented out) log() calls to help users help me help them.
421

510	* Tested under WordPress 3.3.1.
511
512
513	+ == Other Notes ==












514
515	+ = Inspiration and References =

516
517	* Password Research
518	+ + [Why passwords have never been weaker -- and crackers have never been stronger](http://arstechnica.com/security/2012/08/passwords-under-assault/), Dan Goodin
519	+ [You can never have too many passwords: techniques for evaluating a huge corpus](http://www.cl.cam.ac.uk/~jcb82/doc/B12-IEEESP-evaluating_a_huge_password_corpus.pdf), Joseph Bonneau
520	+ [Analyzing Password Strength](http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf), Martin Devillers
521	+ [Consumer Password Worst Practices](http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf), Imperva
522	+ [Preventing Brute Force Attacks on your Web Login](http://www.bryanrite.com/preventing-brute-force-attacks-on-your-web-login/), Bryan Rite
523	+ [Password Strength](http://xkcd.com/936/), Randall Munroe

524
525	* Technical Info
526	+ [The Extreme UTF-8 Table](http://doc.infosnel.nl/extreme_utf-8.html), infosnel.nl

530	+ [Dazzlepod Password List](http://dazzlepod.com/site_media/txt/passwords.txt), Dazzlepod
531	+ [Common Passwords](http://www.searchlores.org/commonpass1.htm), Fravia
532	+ [The Top 500 Worst Passwords of All Time](http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time), Mark Burnett
533	+
534	+ = To Do =
535	+
536	+ * Delete old data in the `fail` table.
537	+ * Provide a user interface to the `fail` table.
538	+
539	+ = Bugs and Feature Requests =
540	+
541	+ Report bugs and submit feature requests by opening a ticket in WordPress'
542	+ [plugins Trac website](https://plugins.trac.wordpress.org/newticket?component=login-security-solution).
543	+
544	+ You can also [view our existing tickets](https://plugins.trac.wordpress.org/query?status=assigned&status=closed&status=new&status=reopened&component=login-security-solution&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=component&desc=1&order=id) there.