diff --git a/plugins/wordpress-mu-plugin-fasauth/fasauth.php b/plugins/wordpress-mu-plugin-fasauth/fasauth.php
index f4e264f..6344564 100644
--- a/plugins/wordpress-mu-plugin-fasauth/fasauth.php
+++ b/plugins/wordpress-mu-plugin-fasauth/fasauth.php
@@ -45,13 +45,13 @@ if (!function_exists('wp_authenticate')) {
         curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".urlencode($username)."&user_name=".urlencode($username)."&password=".urlencode($password)."&login=Login");
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 
-        # WARNING: Never leave this on in production, as it will cause
-        # plaintext passwords to show up in error logs.
-        curl_setopt($ch, CURLOPT_VERBOSE, 0);
+        # WARNING: Never enable this line when running in production, as it will
+        # cause plaintext passwords to show up in error logs.
+        #curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
 
         # The following two lines need to be uncommented when using a test FAS
-        # with an invalid cert.  Otherwise they should be commented (or set to
-        # True) for security.
+        # with an invalid cert.  Otherwise they should be commented out (or set
+        # to True) for security.
         #curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
         #curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
 
diff --git a/scripts/Auth_FAS_MediaWiki/Auth_FAS.php b/scripts/Auth_FAS_MediaWiki/Auth_FAS.php
index 0a25a5d..7cc7467 100644
--- a/scripts/Auth_FAS_MediaWiki/Auth_FAS.php
+++ b/scripts/Auth_FAS_MediaWiki/Auth_FAS.php
@@ -15,13 +15,13 @@ class Auth_FAS extends AuthPlugin {
         curl_setopt($ch, CURLOPT_POSTFIELDS, "username=".urlencode($username)."&user_name=".urlencode($username)."&password=".urlencode($password)."&login=Login");
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 
-        # WARNING: Never leave this on in production, as it will cause
-        # plaintext passwords to show up in error logs.
-        curl_setopt($ch, CURLOPT_VERBOSE, 0);
+        # WARNING: Never enable this line when running in production, as it will
+        # cause plaintext passwords to show up in error logs.
+        #curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
 
         # The following two lines need to be uncommented when using a test FAS
-        # with an invalid cert.  Otherwise they should be commented (or set to
-        # True) for security.
+        # with an invalid cert.  Otherwise they should be commented out (or set
+        # to True) for security.
         #curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
         #curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);