Fake users with URL as user name (idea)
Hi! I have the auto lockout feature for non-existing users and I find it to be excellent!
I noticed a potential security risk, though, as some attacks consist of using a URL as a user name and, when we receive a lockout notification, it comes with a built-in link that could be accidentally clicked.
It would be nice if the plugin masked those user names (just the http or www part would likely be enough to neuter those links; maybe adding spaces to break those links could help too).
Maybe have a special rule to block those users at first try instead of using the regular rule we have set up?
It would be nice if we could use expressions on “Instantly lockout specific usernames” like http*
The same should apply to registration; it would be nice to have a protection that prevents users from using URLs in any field that’s not dedicated for that purpose (like the user’s website).
Of course, it’s ok if you don’t feel like those ideas are useful or if it’s too complicated to implement them.