I've used the login wizard to create login forms for a site, and I was wondering whether its possible to change the error messages specific to the login form.
When one enters in bad username or pass, the form tells you which error you made- letting you know if you typed in the username correctly or the problem was the password.
My problem is with someone trying to hack into the site, knowing where the error is, as to whether the error was the username or password would make his work easy, because the hacker would know when he has a correct username or a bad password.
Is there a way of modifying some files whether in the includes folder or on the login form so that instead of the error message being so specific, the user gets something like error: Login failed (this part is already part of the form by default) and then added to that message, are words like:
The e-mail address or password is incorrect. Please try again.
The point is then the hacker would have a harder time knowing when he has the correct username and won't then move on to just guessing a password.
I believe the file you need to edit is something like
includes/resources/tNG.res.php. Your best bet is to use DW's search to
search all files in the includes folder for the phrase you want. That
will locate the file you need to edit.