[wp-trac] [WordPress Trac] #63085: "Login details" spam sent by from the account registration page
WordPress Trac
noreply at wordpress.org
Thu Apr 16 17:40:53 UTC 2026
#63085: "Login details" spam sent by from the account registration page
-------------------------------------------------+-------------------------
Reporter: cweiske | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: Login and Registration | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests has-test- | Focuses:
info |
-------------------------------------------------+-------------------------
Comment (by cweiske):
> I'm just imagining that someone may have made their username www.yyyy
.com-admin or similar in the past, which then would no longer be valid
after the wordpress update?
The username validation only affects user registration, not user login. I
just verified this.
Existing users with usernames "www.example.org" or "admin of
www.example.org" can continue to log in.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63085#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list