id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
22421,Make more security for users by hiding existing usernames in wp-login.php,egorpromo,,"I propose not showing the message “ERROR: Invalid username” on the wp-login.php page when a user enters an incorrect password. There must be a more common message on the wp-login.php page, like: “ERROR: invalid username or password”.

Also, I propose not creating a new password by entering a username in /wp-login.php?action=lostpassword. To create a new password, the user must enter an email only, not his username.

For security reasons, it is better not to uncover existing usernames.
",enhancement,closed,normal,,Users,3.4.2,normal,duplicate,,
