[wp-hackers] Securing Wordpress Login

Dr Deviant deviant at dr-deviant.net
Tue Aug 22 15:38:07 GMT 2006


Here's a thought - why not have some options in the core that allowed you to 
configure strength etc along the lines of the major policies that get used 
(history, character length, character content and repeatability etc) ?? I 
think someone mentioned a plug-in as well, but I have not seen any hooks 
around the password entry areas.

It would be so nice to redefine the login page and control that process a 
little more. <sigh>

Another issue is with the corporate entity. A lot of LARGE corporations 
require strong passwords as part of their externalised business model, and 
as such if the WP development team want the product to be taken up by corporate 
out of the box, then someone needs to make them feel a little more loved. 
The easiest way here is to hook WordPress up to the corporate LDAP/AD 
service where all of the strength is handled for you, the corporation then 
has their warmer glowier feeling.

Cheers
Nigel.

----- Original Message ----- 
From: "Arne Brachhold" <himself at arnebrachhold.de>
To: <wp-hackers at lists.automattic.com>
Sent: Tuesday, August 22, 2006 8:44 AM
Subject: Re: [wp-hackers] Securing Wordpress Login


> Viper007Bond wrote:
>> I'm all for blocking people from the login from after X fails, but changing
>> passwords and forcing secure passwords is retarded IMO.
>
> Definitely. I've never seen a web application / service which changed
> my password without my request.
>
>> Sure, a strength _indicator_ would be cool, but forcing?
>
> No, never force it, just mark it as "Bad" so people can decide. Not
> every blog needs a super-secure-10-character password.
>
> All we need is a solution to slow down automated attacks but without
> annoying the actual user.
>
> -- 
> Arne Brachhold
> mail:  himself at arnebrachhold.de
> web:   http://www.arnebrachhold.de/