Hello YardenSade, I’ll try to give answer to your questions.
Q1. Why the user name cannot be exact copy of the email?
Earlier release of plugin had exact functionality and it generated usernames from email. So, for example, if you were registered with demo@example.com, it would generate demo@example.com (valid username). But, this procedure becomes invalid with some email ids with special characters, like, my#demo@example.com (yes, it is valid email id) would be invalid as WordPress allows some limited set of characters in username.
Check out sanitize_user() function for more details.
Ref: https://core.trac.wordpress.org/browser/tags/4.2.2/src/wp-includes/formatting.php#L1193
Q2. is there a way to make it a bit secured? so lets say bots will not be able to auto register themselves?
Right now, smart wp login has no such functionality. However, you can use some other available plugins.
Ref: https://wordpress.org/plugins/wangguard/
Anything else, I’ll be happy to answer.
Thanks,
Nishant Kumar
