[wp-trac] [WordPress Trac] #22421: Make more security for users by hiding existing usernames in wp-login.php
WordPress Trac
noreply at wordpress.org
Mon Nov 12 14:17:48 UTC 2012
#22421: Make more security for users by hiding existing usernames in wp-login.php
-----------------------------+-------------------------
Reporter: egorpromo | Type: enhancement
Status: new | Priority: normal
Milestone: Awaiting Review | Component: Users
Version: 3.4.2 | Severity: normal
Keywords: |
-----------------------------+-------------------------
I propose not showing the message “ERROR: Invalid username” on the
wp-login.php page when a user enters an incorrect password. There must be a
more general message on the wp-login.php page, like: “ERROR: invalid
username or password”.

Also, I propose not creating a new password by entering a username in
/wp-login.php?action=lostpassword. To create a new password, the user must
enter an email only, not their username.

For security reasons, it is better not to reveal existing usernames.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22421>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
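
One way a site owner could get the first behaviour requested in this ticket, as an added example that is not part of the ticket or of WordPress core. It assumes installation as a small plugin; the `example_` function names are hypothetical, and it does not change the lost-password form.

```php
<?php
/*
 * Added example, not WordPress core code: collapse the login errors that
 * distinguish "unknown user" from "wrong password" into one generic error.
 */

// Error codes whose message reveals whether the account exists.
function example_revealing_login_codes() {
    return array( 'invalid_username', 'invalid_email', 'incorrect_password' );
}

// Core's username/password check is hooked to 'authenticate' at priority 20.
// Running at 100 means $user is already a WP_User or the WP_Error it produced.
function example_generic_login_error( $user, $username, $password ) {
    if ( ! is_wp_error( $user ) ) {
        return $user; // Successful or still undecided: leave untouched.
    }
    if ( ! array_intersect( $user->get_error_codes(), example_revealing_login_codes() ) ) {
        return $user; // e.g. empty_username / empty_password: nothing is leaked.
    }
    // Same code and same text for every failure that involves a real lookup.
    return new WP_Error(
        'authentication_failed',
        __( '<strong>ERROR</strong>: Invalid username or password.' )
    );
}
add_filter( 'authenticate', 'example_generic_login_error', 100, 3 );
```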