Improve messaging on login.wordpress.org

[Otto42]

We've been getting a lot of very specific kinds of emails to the forum-password-resets email lately. Not sure why the uptick in these specifically, but after asking people how they got to us, we are reasonably sure how they got there.

Case:

• User goes to their wp-admin on their own site.
• Some error happens (various causes), causing the error message:

"There has been a critical error on this website. Please check your site admin email inbox for instructions.
Learn more about debugging in WordPress."

• The learn more line is linked to ​https://wordpress.org/support/article/debugging-in-wordpress/
• Now, this is a user, so they get there, and there's no info there that really helps them out (the content there can be debated elsewhere), but there are Login links in the admin bar.
• That takes them to ​https://login.wordpress.org/
• They try to login using admin/whatever or some other username. The admin name has been a bit common in these cases.

Result: "ERROR: Your account has been disabled. Please contact forum-password-resets@… for more details."

Which leads them to emailing us. We then have to explain the difference between their site and w.org, why their username won't work, how to register, how to get to the support forums to ask their question, etc. Basically, they're confused as heck and we're getting the email about it.

So, there's a few ideas, but one of them is to improve the messaging on the login page.

1. On the login page, we have the WordPress.org logo instead of the normal one, but no messaging indicating where they are. Idea: Add in some text right there, before they login.

"Log in to your WordPress.org account to contribute to WordPress, get help in the support forum, or rate and review themes and plugins." or something like that. Tell them where they are and what they are currently doing.

2. On the error message: detect common username cases like "admin" and provide better info. Yes, the "admin" account is blocked on org and will be forever, so nobody will ever use it legitimately, so they are obviously in the wrong place and should be told so and where to properly go to most likely help them.

3. Similar for username does not exist cases. Different messaging perhaps, tell them to try their email address instead or something.

The goal being to try to prevent confused people emailing us and even including their admin passwords. Which yes, happens a lot. If we can recognize what they're doing wrong, then provide them with better info instead of just the password reset email address.

While we're at it, improve the existing messages as well. This may need some design work for how to best display this information on the page, since the current space is too small, really. Mobile is tricky as well.

[Otto42]

Related: ​https://core.trac.wordpress.org/ticket/52392

[dd32]

In 10844:

Login: Don't show the "Account disabled" error message when someone attempts to login with the username 'admin', instead, give a nicer error message suggesting they're in the wrong location.

This was adapted from the WordCamp login message.

See #5590.

[dd32]

In 10845:

Login: Add the 'WordPress.org is ...' text via a action/filter instead of hard-coding it into the login template.

This allows for the text to be displayed when landing on the wp-login.php page as well.

See #5590.

[dd32]

In 10850:

Login: Change the username unknown message to be more explicit.

See #5590.

[dd32]

Replying to Otto42:

1. On the login page, we have the WordPress.org logo instead of the normal one, but no messaging indicating where they are. Idea: Add in some text right there, before they login.

There was messaging on the login landing page, but not once they proceeded to attempt to login. [10845] added that text to the wp-login.php pages too.

2. On the error message: detect common username cases like "admin" and provide better info. Yes, the "admin" account is blocked on org and will be forever, so nobody will ever use it legitimately, so they are obviously in the wrong place and should be told so and where to properly go to most likely help them.

Result: "ERROR: Your account has been disabled. Please contact forum-password-resets@… for more details."

Added a much more specific error in [10844] in line with the WordCamp messaging, not fully set on it, but it's much better than what was there. *Are you in the right place?* This login form is for the WordPress.org website, rather than your personal WordPress site.

3. Similar for username does not exist cases. Different messaging perhaps, tell them to try their email address instead or something.

The existing error message here was horrible - but did tell them to try their email (or at least that's what it was trying to do), I've filed ​#core52915 to change it upstream, and added a more specific WordPress.org variant in [10850]

I've also filed ​#core52914 to fix the inconsistent error message formats with/without the <strong>Error:</strong> prefix.

While we're at it, improve the existing messages as well.

The majority of the error messages come from Core rather than WordPress.org, but I agree that they need reworking. See ​#core52914 for a listing of all the various error messages that can be encountered. [10850] includes some error overwriting abilities, so if you're aware of other errors that should be reworked more urgently on WordPress.org to reduce the support load, let's do it.

I think this is probably enough to mark this as closed for WordPress.org?