[wp-trac] [WordPress Trac] #63085: "Login details" spam sent by from the account registration page
WordPress Trac
noreply at wordpress.org
Tue Apr 7 19:26:00 UTC 2026
#63085: "Login details" spam sent by from the account registration page
-------------------------------------------------+-------------------------
Reporter: cweiske | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: Login and Registration | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests has-test- | Focuses:
info |
-------------------------------------------------+-------------------------
Changes (by cweiske):
* keywords: has-patch has-unit-tests => has-patch has-unit-tests has-test-
info
Comment:
== How to test
1. Enable registration: General Settings > Membership > Anyone can
register
2. Log out, open the login form and click "register"
3. Enter "www.spammer.com 123 BTC" as username, and a dummy e-mail
address.
4. Submit the registration form. The username will be rejected.
5. Try to register again, this time as username "123 Bitcoin
www.spammer.com"
6. Submit the registration form. The username will be rejected.
7. Try to register again with a username that does not begin with "www."
and does not contain "<space>www.". This username will not be rejected.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63085#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list