[wp-hackers] The security week? :)
Stefano Aglietti
steagl4ml at gmail.com
Wed Apr 16 17:04:12 GMT 2008
What about this one?
I suppoee tons of updates didn't change SECRET_KEY.
If iI undesrstood right even with no secret key getting an hig level
access will require lot of time calculation and a stronge long
password eve if not salted is a good defense unless the attaccker is
really lucky.
The question is, secret key setting is a mandatory task? If yes would
be better WP check for it at first admin access and suggest user to
change it to avoid risks. Other solution?
--
Stefano Aglietti - StallonIt on IRCnet - ICQ#: 2078431
Email: steve at 40annibuttati.it steagl at people.it
Sites: http://www.40annibuttati.it (personal blog)
http://www.wordpress-it.it (WordPress Italia)
More information about the wp-hackers
mailing list