Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#53374 closed enhancement (duplicate)

Log in process reveals if an email address exists in the database

Reported by: henrywright's profile henry.wright Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords:
Focuses: Cc:


If an email address doesn't exist, this message is given when log in is attempted:

Unknown email address. Check again or try your username.

This, although debatable, isn't good practice.

Change History (2)

#1 @jorbin
3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

As mentioned on #53373, This is by design. There is a balance to be made between security and user-friendliness.

The decision to leave this alone has been made many many times as shown in the following tickets (if not others).
Related, duplicate: #3708, #4290, #5301, #12129, #22421, #31787, #45318

#2 @henry.wright
3 years ago

Thanks for pointing that out. I respectfully disagree but I do understand the push for user-friendliness

Note: See TracTickets for help on using tickets.