diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 46ed77c426..9de8b92ea2 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -304,6 +304,8 @@ if ( !function_exists('wp_login') ) :
 function wp_login($username, $password, $already_md5 = false) {
 	global $wpdb, $error;
 
+	$username = sanitize_user($username);
+
 	if ( '' == $username )
 		return false;