diff --git a/class-two-factor-core.php b/class-two-factor-core.php
index 7c0ad9a0..df6e566c 100644
--- a/class-two-factor-core.php
+++ b/class-two-factor-core.php
@@ -1022,10 +1022,10 @@ public static function maybe_show_last_login_failure_notice( $user ) {
echo '
';
printf(
esc_html(
- /* translators: 1: number of failed login attempts, 2: time since last failed attempt */
+ /* translators: 1: number of failed verification code attempts, 2: human-readable time since the last attempt, e.g. "5 minutes" */
_n(
- 'WARNING: Your account has attempted to login %1$s time without providing a valid two factor token. The last failed login occurred %2$s ago. If this wasn\'t you, you should reset your password.',
- 'WARNING: Your account has attempted to login %1$s times without providing a valid two factor token. The last failed login occurred %2$s ago. If this wasn\'t you, you should reset your password.',
+ '%1$s failed verification code attempt on this account. The last attempt was %2$s ago. If you did not make this attempt, review your account security after logging in.',
+ '%1$s failed verification code attempts on this account. The last attempt was %2$s ago. If you did not make these attempts, review your account security after logging in.',
$failed_login_count,
'two-factor'
)
diff --git a/tests/class-two-factor-core.php b/tests/class-two-factor-core.php
index 38052106..e1a44f98 100644
--- a/tests/class-two-factor-core.php
+++ b/tests/class-two-factor-core.php
@@ -797,8 +797,7 @@ public function test_maybe_show_last_login_failure_notice() {
$this->assertNotEmpty( $contents );
$this->assertStringNotContainsString( '1 times', $contents );
- $this->assertStringContainsString( 'attempted to login', $contents );
- $this->assertStringContainsString( 'without providing a valid two factor token', $contents );
+ $this->assertStringContainsString( 'failed verification code attempt', $contents );
// 5 failed login attempts 5 hours ago - User should be informed.
$five_hours_ago = time() - 5 * HOUR_IN_SECONDS;
@@ -809,10 +808,31 @@ public function test_maybe_show_last_login_failure_notice() {
$contents = ob_get_clean();
$this->assertNotEmpty( $contents );
- $this->assertStringContainsString( '5 times', $contents );
+ $this->assertStringContainsString( 'failed verification code attempts', $contents );
$this->assertStringContainsString( human_time_diff( $five_hours_ago ), $contents );
}
+ /**
+ * Test that the login failure notice uses calm, informational language.
+ *
+ * @covers Two_Factor_Core::maybe_show_last_login_failure_notice()
+ */
+ public function test_login_failure_notice_language_is_calm_and_informational() {
+ $user = $this->get_dummy_user();
+ update_user_meta( $user->ID, Two_Factor_Core::USER_FAILED_LOGIN_ATTEMPTS_KEY, 3 );
+ update_user_meta( $user->ID, Two_Factor_Core::USER_RATE_LIMIT_KEY, time() - 60 );
+
+ ob_start();
+ Two_Factor_Core::maybe_show_last_login_failure_notice( $user );
+ $contents = ob_get_clean();
+
+ $this->assertStringNotContainsString( 'WARNING', $contents );
+ $this->assertStringNotContainsString( "wasn't you", $contents );
+ $this->assertStringNotContainsString( 'reset your password', $contents );
+ $this->assertStringContainsString( 'failed verification code', $contents );
+ $this->assertStringContainsString( 'review your account security', $contents );
+ }
+
/**
* Test no reset notice when no errors.
*