[wp-trac] [WordPress Trac] #61481: Critical Bug in WordPress Affecting User Privacy (comment_class)
WordPress Trac
noreply at wordpress.org
Sun Jun 23 08:01:53 UTC 2024
#61481: Critical Bug in WordPress Affecting User Privacy (comment_class)
--------------------------+------------------------------
 Reporter:  kamalireal    |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Users         |     Version:
 Severity:  major         |  Resolution:
 Keywords:  close         |     Focuses:
--------------------------+------------------------------
Changes (by knutsp):
* keywords: => close
Comment:
This is not a bug in WordPress. WordPress has always had the policy that
usernames *may* be publicly detectable, and hence should not contain
private information, at least not in a general and predictable way on the
site.

If a *site owner* is encouraging their users to put such information into
the usernames upon signing up, without a warning, then they are
responsible for this situation. Like if they ask new users to add any
other private, possibly sensitive, information like health status, into
either their user bio, display name or login user name.

Stop doing this and protect your users from exposing private information.
There are other alternatives for choosing or generating login user names.

Personally, I would like WordPress to disallow both email addresses (@) and
all numeric usernames.

Strongly suggest wontfix.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61481#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform