wp_die() instead of invalid password

Author: dannyvankooten

includes/protect-wp-login.php

@@ -24,6 +24,7 @@
             }
             requestAnimationFrame(() => {
                 button.classList.add('waiting-animate');
+                button.disabled = true;
             });
 
             window.setTimeout(() => {
@@ -33,6 +34,7 @@
                 input.value = '1';
                 document.querySelector('#loginform').prepend(input);
                 button.classList.remove('waiting-animate');
+                button.disabled = false;
             }, 2500);
         })
 
@@ -46,7 +48,8 @@
 
     $js_timeout_check = ($_POST['login-ok'] ?? '') === '1';
     $csrf_check = parse_url($_SERVER['HTTP_ORIGIN'] ?? '', PHP_URL_HOST) === parse_url(home_url(), PHP_URL_HOST);
+
     if (!$js_timeout_check || ! $csrf_check) {
-        $password = 'invalid';
+        wp_die("Sorry, we are unable to process your login request as we think you are a bot. Please try again if you're not.");
     }
 }, 10, 2);