[wp-hackers] Wordpress Event Viewer Plugin
computerguru at neosmart.net
Tue Apr 3 13:13:44 GMT 2007
I believe it was punBB that had this feature for a *forum* that would email
the admin on failed login. As you can imagine, that's hundreds of logins a
day, and a huge security breach.
It's things like this that give off an aura of "non-professionalism" with
otherwise excellent programs/scripts.
Put it this way: does the admin benefit by knowing the *password* someone
tried to login with?
> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com
> [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Brian Layman
> Sent: Tuesday, April 03, 2007 4:16 PM
> To: wp-hackers at lists.automattic.com
> Subject: RE: [wp-hackers] Wordpress Event Viewer Plugin
> A word of warning: please realize that some users will be highly offended if
> they find out failed passwords are logged in plain text anywhere in the
> system. You would be logging failed attempts by valid users as well as
> There's a disconnect in peoples' minds between the fact that they are
> sending a password to a webserver and the fact that it can be read by
> people who run the site. The thought that some sites are likely
> just to harvest passwords is a bit bothersome, but I'm sure it's true.
> just hope it's not true of any really popular sites.
> I once saw someone write one of these plugins for another web app and
> had it email the invalid login attempts (with mistyped passwords) to
> admin email address. Well the admin email address for this site
> delivered a list of about 20 people. So those people all saw the
> mistyping and much could guess at what the passwords really should have
> been. That included failed admin logins too. Also users tried alternative
> that had been used at other sites and they thought they had used at
> site too. Since each admin had different privileges, this was a
> security breakdown. The plugin was quickly turned off.
> There are some real-life issues here. The passwords are stored in an
> "encrypted" field in WordPress for a reason. I'd also worry that if
> included a failed password logging feature, someone would hack your
> to simply always email the passwords out for every login. That
> wouldn't be your responsibility, but the plugin is probably easier to
> decipher than actual WP login code is. And it is something to consider.
> So, basically if I added a feature like that, I would make certain to
> restrict log access to the admins and to use a nonce so that browsing
> posting directly to the log viewing page is only allowed by those
> admins. I would also make it optional and leave it off by default. But
> that's me. Some might not have any problem at all with this.
> Brian Layman
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
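The design Brian describes (record failed logins, never the password; restrict the viewer to admins; require a nonce; ship it off by default), written out as an added example. This is not code from the original thread or from any plugin discussed in it. It hooks WordPress's wp_login_failed action, which passes only the username, so the submitted password is never read, stored or e-mailed. The plugin name, the option names fll_failed_logins and fll_enabled, the menu slug, the fll_ function names and the entry cap are hypothetical, and it assumes a current WordPress API (add_management_page, check_admin_referer, wp_nonce_field, submit_button, esc_html), not the 2007 one.

```php
<?php
/*
Plugin Name: Failed Login Log (added example)
Description: Records failed logins (username, IP, time) without the attempted password.
*/

// Hypothetical option names and limits used only by this example.
define( 'FLL_OPTION',      'fll_failed_logins' );
define( 'FLL_ENABLED',     'fll_enabled' );
define( 'FLL_MAX_ENTRIES', 200 );

// wp_login_failed hands the callback only the username. The password is
// deliberately never touched, so nothing sensitive reaches the database
// and nothing is e-mailed out (no per-attempt mail at all).
add_action( 'wp_login_failed', 'fll_record_failure' );
function fll_record_failure( $username ) {
    // Off by default: the admin has to opt in before anything is logged.
    if ( ! get_option( FLL_ENABLED, false ) ) {
        return;
    }
    $log   = get_option( FLL_OPTION, array() );
    $log[] = array(
        'time' => time(),
        'user' => sanitize_user( $username, true ),
        'ip'   => isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '',
    );
    // Bound the log so a brute-force run cannot bloat the options table.
    if ( count( $log ) > FLL_MAX_ENTRIES ) {
        $log = array_slice( $log, -FLL_MAX_ENTRIES );
    }
    update_option( FLL_OPTION, $log );
}

// The viewer is a Tools submenu that only users with manage_options can open.
add_action( 'admin_menu', 'fll_admin_menu' );
function fll_admin_menu() {
    add_management_page( 'Failed Logins', 'Failed Logins', 'manage_options',
                         'fll-failed-logins', 'fll_render_page' );
}

function fll_render_page() {
    // Capability check again, in case the callback is reached another way.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    // Every state change needs a POST carrying a valid admin nonce, so a
    // crafted link or cross-site form cannot toggle or clear the log.
    if ( isset( $_POST['fll_toggle'] ) ) {
        check_admin_referer( 'fll_admin_action' );
        update_option( FLL_ENABLED, ! get_option( FLL_ENABLED, false ) );
    }
    if ( isset( $_POST['fll_clear'] ) ) {
        check_admin_referer( 'fll_admin_action' );
        delete_option( FLL_OPTION );
    }

    $enabled = (bool) get_option( FLL_ENABLED, false );
    $log     = array_reverse( get_option( FLL_OPTION, array() ) );

    echo '<div class="wrap"><h1>Failed Logins</h1>';
    echo '<p>Logging is currently <strong>' . ( $enabled ? 'enabled' : 'disabled' ) . '</strong>.</p>';
    echo '<table class="widefat"><thead><tr><th>Time</th><th>Username</th><th>IP</th></tr></thead><tbody>';
    foreach ( $log as $row ) {
        // Everything shown came from the login form, so escape it on output.
        printf( '<tr><td>%s</td><td>%s</td><td>%s</td></tr>',
            esc_html( date( 'Y-m-d H:i:s', $row['time'] ) ),
            esc_html( $row['user'] ),
            esc_html( $row['ip'] ) );
    }
    echo '</tbody></table>';

    echo '<form method="post">';
    wp_nonce_field( 'fll_admin_action' );
    submit_button( $enabled ? 'Disable logging' : 'Enable logging', 'secondary', 'fll_toggle' );
    submit_button( 'Clear log', 'delete', 'fll_clear' );
    echo '</form></div>';
}
```

The point of the shape: the action callback cannot leak a password it never receives, the viewer cannot be read by a non-admin even with a direct URL, and the two write operations fail closed on a missing or stale nonce (check_admin_referer() calls wp_die()). Whether to record the username at all is still a judgement call, since a mistyped username is sometimes a password.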