WordPress.org

Making WordPress.org

Opened 2 years ago

Closed 2 years ago

#2858 closed defect (invalid)

I just posted a question in a support forum, only to see my EMAIL ADDRESS as the 'USERNAME' & there is no option to delete my post either. - MAJOR SECURITY FLAW

Reported by: cooljen@… Owned by:
Milestone: Priority: high
Component: Support Forums Keywords:
Cc:

Description

I want my username changed or at least the post deleted.
For a company that is supposed to take privacy 'very seriously' this is a serious error.

The only solution I saw was in here https://wordpress.org/support/topic/wordpress-org-change-username/ which was only to create a new profile. That is NOT A SOLUTION. Besides it being ridiculously confusing having multiple wordpress accounts that are not the same or linked, This 'solution' is also confusing because when I tried to do that, that would not work either. I didn't see an option to delete my post. I tried logging out and registering with a new username, only to seemingly have it think its my email. I could not log in and tried to get a reset link sent to me and never got anything. EDIT: I finally got that reset email and it shows the request for the same username (my email address) so why the hell is the username in my account showing my full email instead of the shortened version?

I should at least be able to delete the post but there is no option for that.

The login prompts for username/email. It DOES NOT notify the user that this will be displayed publicly. In that case, it should only prompt for 'username' and not email AND it should express to the user that this name will be displayed. THIS IS A HUGE ISSUE and should not be taken lightly.

I want my username changed. Edit my post to only show my display name or my new username (of my choosing, and not my email address).

Please get back to me as quickly as possible as I just posted. It is not right having my email address on full display! I almost posted a review for the plugin and I'm glad I didn't - that's even more visibility.

Change History (3)

#1 @cooljen@…
2 years ago

  • Keywords reporter-feedback removed

This ticket was mentioned in Slack in #forums by hardeepasrani. View the logs.


2 years ago

#3 @Clorith
2 years ago

  • Keywords dev-feedback needs-codex needs-docs needs-testing ui-feedback ux-feedback removed
  • Resolution set to invalid
  • Status changed from new to closed

Hi there,

WordPress does not view email addresses as sensitive information in the manner you are relating it to (chances are you already hand this out on a daily basis to numerous people), but you can easily change your own display name just like you would in your own WordPress install.

As for the prompt, this is only a login screen (as of WordPress 4.5 logging in using an email address is supported), and does not relate to what name is displayed anywhere.

Note: See TracTickets for help on using tickets.