[wp-hackers] WordPress can "leak" if a username is valid
Paolo Tresso / Pixline
supporto at pixline.net
Tue Feb 19 10:14:02 GMT 2008
Il giorno 18/feb/08, alle ore 22:01, Will Brown ha scritto:
> Every single Wordpress installation has
> the admin user unless someone's gone in and changed the database, so
> an
> attacker doesn't need to use this method to gain a hack-able account.
By the way, I usually make another account the superadmin, and de-
privilege admin at all, like a subscriber. :-)
Call me paranoid, but it's just a little step to do.
Bests,
Paolo Tresso (Pixline)
online media developer
------------------------------------
http://linkedin.com/in/paolotresso
techblog: http://pixline.net
skype: pixline
More information about the wp-hackers
mailing list