diff --git a/wp-admin/install.php b/wp-admin/install.php
index 93a914807..4eeb6aff5 100644
--- a/wp-admin/install.php
+++ b/wp-admin/install.php
@@ -193,6 +193,9 @@ switch($step) {
 			// TODO: poka-yoke
 			display_setup_form( __('you must provide a valid username.') );
 			$error = true;
+		} elseif ( $user_name != sanitize_user( $user_name, true ) ) {
+			display_setup_form( __('the username you provided has invalid characters.') );
+			$error = true;
 		} elseif ( $admin_password != $admin_password_check ) {
 			// TODO: poka-yoke
 			display_setup_form( __( 'your passwords do not match. Please try again' ) );