id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,focuses 22421,Make more security for users by hidding existed usernames in wp-login.php,egorpromo,,"I propose don't show message “ERROR: Invalid username” in wp-login.php page when user enters incorect password. There must be more common message in wp-login.php page like: “ERROR: invalid username or password”. Also I propose don’t create new password by entering username in /wp-login.php?action=lostpassword. For creating new password user must enter email only, not his username. For security reason it is better do not uncover existed usernames. ",enhancement,closed,normal,,Users,3.4.2,normal,duplicate,,,