Class comment-author-$login uses login, why not ID

[webliberty]

Login to the administrator console requires entering a login and password. If the comment contains a class with a login, then the attacker can only pick up the password, because login is already known.

Why not replace the login to ID or nickname?

[swissspidy]

Disclosing usernames is not a security issue, see ​https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-disclosures-of-usernames-or-user-ids-not-a-security-issue.

Also worth noting that usernames are displayed in many more locations, not just this HTML class. Only changing it in one place doesn't make sense. Plus, there are themes that use comment-author-$login for styling or other purposes. We can't just remove that, otherwise we break these themes.

[webliberty]

Got it. Agree, for styling is quite suitable and comment-author-$ID.

Knowing the login, it's easier to pick up the password by searching, using the dictionary. I hope in the future you will be able to return to this question and reconsider your point of view.