[wp-trac] [WordPress Trac] #63085: "Login details" spam sent by from the account registration page
WordPress Trac
noreply at wordpress.org
Wed Apr 15 22:40:49 UTC 2026
#63085: "Login details" spam sent by from the account registration page
-------------------------------------------------+-------------------------
Reporter: cweiske | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: Login and Registration | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests has-test- | Focuses:
info |
-------------------------------------------------+-------------------------
Comment (by minimoo):
On the basis that someone signing up should know the username they've
entered (and also know their email) - wouldn't it be easier to continue to
allow www. in a username - but just remove the username field from the
email.
So the initial email just contains the link to set password.
I'm just imagining that someone may have made their username www.yyyy.com-
admin or similar in the past, which then would no longer be valid after
the wordpress update?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63085#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list