[wp-hackers] WordPress can "leak" if a username is valid

Alex Hempton-Smith hempsworth at googlemail.com
Tue Feb 19 13:57:08 GMT 2008


> By the way, I usually make another account the superadmin, and de-
> privilege admin at all, like a subscriber.

Great idea, I think I'll do that when I get home!

I've closed the ticket following the discussion here, and the reasons given
in the previous tickets which followed the same theme.

The reason for it being opened was that a correct username could be
"leaked"; however, this can be achieved in multiple other circumstances, and
the default admin username is known by all (unless they change it, as Paolo
mentioned).

Feel free to re-open it, but those are my reasons, and we need to close up
the tonnes of open tickets which can be closed.

Alex

