id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
22421	Make more security for users by hidding existed usernames in wp-login.php	egorpromo		"I propose don't show message “ERROR: Invalid username” in wp-login.php page when user enters incorect password. There must be more common message in wp-login.php page like: “ERROR: invalid username or password”.

Also I propose don’t create new password by entering username in /wp-login.php?action=lostpassword. For creating new password user must enter email only, not his username.

For security reason it is better do not uncover existed usernames. 
"	enhancement	closed	normal		Users	3.4.2	normal	duplicate