[wp-testers] WordPress 2.0.1 Remote DoS Exploit?

Andy Skelton skeltoac at gmail.com
Fri Mar 10 17:00:02 GMT 2006


On 3/10/06, steve caturan <scaturan at negimaki.com> wrote:
> i think a plugin to enable/disable Captcha for wp-register.php would be
> a good deterrent. is that feasible or will that require a major tweak in
> core?

Lurk a while or browse the list archives and you'll find that most
WordPress devs are not enamored with captchas because they impose
barriers to usability.

Let me just reiterate that this DOS effect is not an exploit or
security concern, it does not stem from a weakness in WordPress and
the application is not going to be built to handle problems that
belong to lower-level processes such as the web server.

As with most other things the core won't do, you can accomplish it
with a plugin if you insist.

Andy


More information about the wp-testers mailing list