[wp-trac] [WordPress Trac] #56911: Login email alert includes administrator username?!
WordPress Trac
noreply at wordpress.org
Wed Oct 26 08:54:20 UTC 2022
#56911: Login email alert includes administrator username?!
-------------------------------------------+-----------------------------
Reporter: jrpmedia | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Mail | Version: 6.1
Severity: major | Keywords: needs-testing
Focuses: accessibility, administration |
-------------------------------------------+-----------------------------
I have my site set to email me when an Administrator logs in.
This email includes the Administrators username :-O
Surely that username in an 'open' email could be intercepted and used to
assist in a hack?
I have tried changing/adding the username as a shortname but this does not
affect the email.
Hers is an example of the email:
----------------------------------------------------------
A user with username "O8xxx0ozqxxxxxxx" who has administrator access
signed in to your WordPress site.
User IP: 81.xxx.7.51
User hostname: host81-148-7-51.range81-148.btcentralplus.com
User location: Blackpool, United Kingdom
----------------------------------------------------------
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56911>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list