diff --git a/src/wp-login.php b/src/wp-login.php
index abedea82c3589..cd79fbf2c0b2f 100644
--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -94,7 +94,7 @@ function login_header( $title = null, $message = '', $wp_error = null ) {
>
- <?php echo $login_title; ?>
+ <?php echo esc_html( $login_title ); ?>