Title: Security risk
Last modified: June 2, 2026

---

# Security risk

 *  [michaelhhhamburg](https://wordpress.org/support/users/michaelhhhamburg/)
 * (@michaelhhhamburg)
 * [6 days ago](https://wordpress.org/support/topic/security-risk-35/)
 * The WP User Manager is very good in principle and implementation and relatively
   easy to learn and set up. In my personal opinion and view, however, there is 
   a potential security risk, as the user name is disclosed if the associated password
   is incorrect. This means that attackers have the first 50 per cent (username 
   and/or email address). This error cannot be switched off or prevented at all.

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-risk-35%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this review.

 * ![](https://ps.w.org/wp-user-manager/assets/icon-256x256.png?rev=3468506)
 * [WP User Manager - User Profile Builder & Membership](https://wordpress.org/plugins/wp-user-manager/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-user-manager/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-user-manager/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-user-manager/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-user-manager/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-user-manager/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [michaelhhhamburg](https://wordpress.org/support/users/michaelhhhamburg/)
 * Last activity: [6 days ago](https://wordpress.org/support/topic/security-risk-35/)