[wp-hackers] Maybe a secure-hole
Aaron D. Campbell
aaron at xavisys.com
Thu Oct 9 17:05:03 GMT 2008
I agree that "Knowing the username gets you no closer to finding the
password" and I'd agree that I don't consider it a "security risk" or
"security hole." However, I do think that knowing the username gets you
closer to getting into the system, and that changing the default "admin"
login to something else DOES improve security. Maybe not by a lot, but
it does. You need a matching username/pass to get in, and if you don't
know either it will take you longer to break in by brute force than if
you have one of the two.
> The username is not protected information. The password is. Knowing
> the username gets you no closer to finding the password, and is not a
> security risk at all.
> Along the same lines, changing the default "admin" to something else
> is also not a security improvement. I generally do change it because I
> like using a different login name, but it doesn't help security one
> little bit.
> Nobody ever hacks a WordPress blog by figuring out the username and password.