

Of Phishing Attacks and WordPress 0days - akerl_
https://blog.cloudflare.com/of-phishing-attacks-and-wordpress-0days/

======
bandrami
_First is username:password@url abuse. This notation - now deprecated because
only an idiot would pass credentials in the HTTP query string these days_

Err... username:password@host is not the query string and gets sent down the
wire exactly like when you authenticate with the server the "normal" way.

