Changes between Initial Version and Version 1 of Ticket #43037, comment 48
Timestamp: 06/16/2020 04:00:16 PM (5 years ago)
initial v1 3 3 This is relatively common practice among websites that allow for open registration, even ones (like WordPress) where the username is considered public. Sure, we can all guess that `admin` is the default username, but WordPress allows for the default username to be set on new site creation as another way to mitigate a similar attack. 4 4 5 In WordPress, this partially why `user_login` and `user_nicename` are 2 different fields in the database, though are largely treated as the same internally - to provide the option of having anonymized logins and/or URI friendly versions of more complex logins.5 In WordPress, this is partially why `user_login` and `user_nicename` are 2 different fields in the database (though are largely treated as interchangeable externally) - to provide the option of having anonymized logins and/or URI friendly versions of more complex logins (think LDAP, which is still a huge WordPress integration). 6 6 7 7 Perhaps over the years, leaking this type of information has become less of a concern, but I didn't see that counterpoint raised here, so I thought I would mention it.