[wp-hackers] Securing Wordpress Login

Arne Brachhold himself at arnebrachhold.de
Tue Aug 22 07:44:58 GMT 2006


Viper007Bond wrote:
> I'm all for blocking people from the login from after X fails, but changing
> passwords and forcing secure passwords is retarded IMO.

Definitely. I've never seen a web application / service which changed
my password without my request.

> Sure, a strength _indicator_ would be cool, but forcing?

No, never force it, just mark it as "Bad" so people can decide. Not
every blog needs a super-secure-10-chacrater password.

All we need is a solution to slow down automated attacks but without
annoying the actual user.

-- 
Arne Brachhold
mail:  himself at arnebrachhold.de
web:   http://www.arnebrachhold.de/


More information about the wp-hackers mailing list