Opened 12 years ago
Closed 12 years ago
#22421 closed enhancement (duplicate)
Make more security for users by hidding existed usernames in wp-login.php
Reported by: | egorpromo | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.4.2 |
Component: | Users | Keywords: | |
Focuses: | Cc: |
Description
I propose don't show message “ERROR: Invalid username” in wp-login.php page when user enters incorect password. There must be more common message in wp-login.php page like: “ERROR: invalid username or password”.
Also I propose don’t create new password by entering username in /wp-login.php?action=lostpassword. For creating new password user must enter email only, not his username.
For security reason it is better do not uncover existed usernames.
Change History (2)
Note: See
TracTickets for help on using
tickets.
Related/partial duplicate: #12129