Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #43037, comment 48


Ignore:
Timestamp:
06/16/2020 04:00:16 PM (5 years ago)
Author:
johnjamesjacoby
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #43037, comment 48

    initial v1  
    33This is relatively common practice among websites that allow for open registration, even ones (like WordPress) where the username is considered public. Sure, we can all guess that `admin` is the default username, but WordPress allows for the default username to be set on new site creation as another way to mitigate a similar attack.
    44
    5 In WordPress, this partially why `user_login` and `user_nicename` are 2 different fields in the database, though are largely treated as the same internally - to provide the option of having anonymized logins and/or URI friendly versions of more complex logins.
     5In WordPress, this is partially why `user_login` and `user_nicename` are 2 different fields in the database (though are largely treated as interchangeable externally) - to provide the option of having anonymized logins and/or URI friendly versions of more complex logins (think LDAP, which is still a huge WordPress integration).
    66
    77Perhaps over the years, leaking this type of information has become less of a concern, but I didn't see that counterpoint raised here, so I thought I would mention it.