I thought I might submit a bug report at wordpress.org, but I just don’t feel like creating an account in order to do it. Maybe some WordPress developer will notice this post.
I received a phone call yesterday afternoon from a client who was having trouble installing a WordPress plugin. She very carefully entered into WordPress the correct user name and password for the FTP server, but was repeatedly told that the user name and/or password were incorrect. She cranked up Filezilla to connect to the FTP server and it worked just fine. Verrrry interesting, but stupid.
I looked again at the randomly generated password I’d created for that FTP account. It contained all perfectly valid characters that the FTP server and the operating system’s authentication service liked just fine, but WordPress is stupid. In the middle of the long, randomly generated password were the characters < which are the HTML character entity reference for the less-than symbol. WordPress was converting the four characters < to the single character < and so was itself screwing up the password.
Underwhelming brilliance, eh?