WordPress.org

Make WordPress Core

Opened 6 months ago

Closed 6 months ago

Last modified 6 months ago

#53373 closed enhancement (duplicate)

Reset password process reveals if an email address exists in the database

Reported by: henry.wright Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords:
Focuses: Cc:

Description

If an email address doesn't exist, this message is given when a password reset is requested:

Error: There is no account with that username or email address.

This, although debatable, isn't good practice.

Change History (2)

#1 @jorbin
6 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

This is by design. There is a balance to be made between security and user-friendliness.

The decision to leave this alone has been made many many times as shown in the following tickets (if not others).
Related, duplicate: #3708, #4290, #5301, #12129, #22421, #31787, #45318

#2 @henry.wright
6 months ago

Thanks for pointing that out. I respectfully disagree but I do understand the push for user-friendliness

Note: See TracTickets for help on using tickets.