WordPress.org

Make WordPress Core

Opened 6 months ago

Last modified 5 months ago

#41136 new defect (bug)

Login forms lacking autocomplete attributes

Reported by: johnjamesjacoby Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords: needs-patch ux-feedback
Focuses: Cc:

Description (last modified by ocean90)

The security team received a report via HackerOne related to autocomplete attributes being omitted from various form fields in wp-login.php. Since there is no direct security issue (and we've handled this type of improvement publicly previously) I'm creating a new ticket here to continue that.

In my research, form fields in wp_login_form(), show_user_form(), and show_blog_form() need similar scrutiny and improvements.

Related: #24364

Attachments (1)

41136.patch (2.4 KB) - added by dhanendran 5 months ago.
autocomplete attribute added

Download all attachments as: .zip

Change History (4)

#1 @netweb
6 months ago

Related: #buddypress6269 "Add autocomplete="off" to bp-login widget password field"

There's some useful prior research links in the above ticket

#2 @ocean90
5 months ago

  • Description modified (diff)

@dhanendran
5 months ago

autocomplete attribute added

#3 @afercia
5 months ago

  • Component changed from Users to Login and Registration
Note: See TracTickets for help on using tickets.