diff --git a/ext/uri/tests/whatwg/modification/password_success_unset_existing.phpt b/ext/uri/tests/whatwg/modification/password_success_unset_existing.phpt
index 957973b062a22..203b831411a66 100644
--- a/ext/uri/tests/whatwg/modification/password_success_unset_existing.phpt
+++ b/ext/uri/tests/whatwg/modification/password_success_unset_existing.phpt
@@ -15,5 +15,5 @@ var_dump($url2->toAsciiString());
 ?>
 --EXPECT--
 string(8) "password"
-NULL
+string(0) ""
 string(29) "https://username@example.com/"
diff --git a/ext/uri/tests/whatwg/modification/password_success_unset_existing2.phpt b/ext/uri/tests/whatwg/modification/password_success_unset_existing2.phpt
new file mode 100644
index 0000000000000..06bade29468fd
--- /dev/null
+++ b/ext/uri/tests/whatwg/modification/password_success_unset_existing2.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Test Uri\WhatWg\Url component modification - password - unsetting existing
+--EXTENSIONS--
+uri
+--FILE--
+<?php
+
+$url1 = Uri\WhatWg\Url::parse("https://:password@example.com");
+$url2 = $url1->withPassword(null);
+
+var_dump($url1->getPassword());
+var_dump($url2->getPassword());
+var_dump($url2->toAsciiString());
+
+?>
+--EXPECT--
+string(8) "password"
+NULL
+string(20) "https://example.com/"
diff --git a/ext/uri/tests/whatwg/modification/password_success_unset_non_existent2.phpt b/ext/uri/tests/whatwg/modification/password_success_unset_non_existent2.phpt
index a2140669ee8aa..a795f3197a6dc 100644
--- a/ext/uri/tests/whatwg/modification/password_success_unset_non_existent2.phpt
+++ b/ext/uri/tests/whatwg/modification/password_success_unset_non_existent2.phpt
@@ -14,6 +14,6 @@ var_dump($url2->toAsciiString());
 
 ?>
 --EXPECT--
-NULL
-NULL
+string(0) ""
+string(0) ""
 string(29) "https://username@example.com/"
diff --git a/ext/uri/tests/whatwg/modification/username_success_unset_existing.phpt b/ext/uri/tests/whatwg/modification/username_success_unset_existing.phpt
index f71deff3f207b..8340b4ca1db61 100644
--- a/ext/uri/tests/whatwg/modification/username_success_unset_existing.phpt
+++ b/ext/uri/tests/whatwg/modification/username_success_unset_existing.phpt
@@ -15,5 +15,5 @@ var_dump($url2->toAsciiString());
 ?>
 --EXPECT--
 string(8) "username"
-NULL
+string(0) ""
 string(30) "https://:password@example.com/"
diff --git a/ext/uri/tests/whatwg/modification/username_success_unset_existing2.phpt b/ext/uri/tests/whatwg/modification/username_success_unset_existing2.phpt
new file mode 100644
index 0000000000000..ccfeac222e4e9
--- /dev/null
+++ b/ext/uri/tests/whatwg/modification/username_success_unset_existing2.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Test Uri\WhatWg\Url component modification - username - unsetting existing
+--EXTENSIONS--
+uri
+--FILE--
+<?php
+
+$url1 = Uri\WhatWg\Url::parse("https://username:@example.com");
+$url2 = $url1->withUsername(null);
+
+var_dump($url1->getUsername());
+var_dump($url2->getUsername());
+var_dump($url2->toAsciiString());
+
+?>
+--EXPECT--
+string(8) "username"
+NULL
+string(20) "https://example.com/"
diff --git a/ext/uri/tests/whatwg/modification/username_success_unset_non_existent2.phpt b/ext/uri/tests/whatwg/modification/username_success_unset_non_existent2.phpt
index e5af4efb223db..7886b35fd9b84 100644
--- a/ext/uri/tests/whatwg/modification/username_success_unset_non_existent2.phpt
+++ b/ext/uri/tests/whatwg/modification/username_success_unset_non_existent2.phpt
@@ -14,6 +14,6 @@ var_dump($url2->toAsciiString());
 
 ?>
 --EXPECT--
-NULL
-NULL
+string(0) ""
+string(0) ""
 string(30) "https://:password@example.com/"
diff --git a/ext/uri/uri_parser_whatwg.c b/ext/uri/uri_parser_whatwg.c
index 954753142885b..ef9bf0e020c34 100644
--- a/ext/uri/uri_parser_whatwg.c
+++ b/ext/uri/uri_parser_whatwg.c
@@ -274,12 +274,18 @@ static zend_result php_uri_parser_whatwg_scheme_write(void *uri, zval *value, zv
 	return SUCCESS;
 }
 
+/* 4.2. URL miscellaneous: A URL includes credentials if its username or password is not the empty string. */
+static bool includes_credentials(const lxb_url_t *lexbor_uri)
+{
+	return lexbor_uri->username.length > 0 || lexbor_uri->password.length > 0;
+}
+
 static zend_result php_uri_parser_whatwg_username_read(void *uri, php_uri_component_read_mode read_mode, zval *retval)
 {
 	const lxb_url_t *lexbor_uri = uri;
 
-	if (lexbor_uri->username.length) {
-		ZVAL_STRINGL(retval, (const char *) lexbor_uri->username.data, lexbor_uri->username.length);
+	if (includes_credentials(lexbor_uri)) {
+		ZVAL_STRINGL_FAST(retval, (const char *) lexbor_uri->username.data, lexbor_uri->username.length);
 	} else {
 		ZVAL_NULL(retval);
 	}
@@ -307,8 +313,8 @@ static zend_result php_uri_parser_whatwg_password_read(void *uri, php_uri_compon
 {
 	const lxb_url_t *lexbor_uri = uri;
 
-	if (lexbor_uri->password.length > 0) {
-		ZVAL_STRINGL(retval, (const char *) lexbor_uri->password.data, lexbor_uri->password.length);
+	if (includes_credentials(lexbor_uri)) {
+		ZVAL_STRINGL_FAST(retval, (const char *) lexbor_uri->password.data, lexbor_uri->password.length);
 	} else {
 		ZVAL_NULL(retval);
 	}