justintadlock
commented
10 years ago Something like that might work. I'm not as familiar with the security end of things like brute forcing passwords.
Nevertheless, this is really outside the scope of this plugin since it's specific purpose is to stop user registration spam. So, I'm going to close this ticket for that reason. Feel free to continue the discussion though or even give it a test run on the login form.
If one added these two lines to the constructor, it would add the hidden field to the login form as well:
add_action( 'login_form', array( $this, 'register_form' ), 99 ); add_action( 'login_form_login', array( $this, 'check_honeypot' ), 0 );
Would there be a reason not to do this? I'm thinking: if someone is trying to brute force your password, would it be wiser to use a login lockout plugin to prevent them from overloading your server with login requests or would this type of thing do just as well? Thoughts?