[wp-hackers] Re: WordPress can "leak" if a user name is valid

Seth Chromick seth at thenextwave.biz
Mon Feb 18 22:37:18 GMT 2008

My Fantastico setup uses admin as default, with the option to change it 
to whatever you want, within the constraints of the WP user name format.

Just my .02 cents.

Even if you know a user name, WordPress' track record for security is a 
mixed bag anyway- most (all?) of the exploits don't need a user name or 
a password to work.

Seth Chromick, Web Developer
The Next Wave <http://thenextwave.biz>
marketing • innovation

100 Bonner Street
Dayton, Ohio 45410 USA

vox (937) 228 4433
fax (937) 228 4111

A *S*ervice *D*isabled *V*eteran *O*wned *B*usiness (SDVOB), HUBzone

Take the seminars that will change your business! Websitetology
For less than $389 (including URL registration, hosting, and the seminar)
you can have a website that you can maintain-
and get on the first page of Google. Let us teach you how!

Want a better internet experience? - Get Firefox

sunburntkamel wrote:
> That's terribly inaccurate.  most fantastico installations will force
> users to choose a different username at setup.
> On Feb 18, 3:01 pm, "Will Brown" <will.h.br... at gmail.com> wrote:
>> I have to say I agree with Otto. Every attacker already knows a username
>> they can bruteforce with: "admin". Every single Wordpress installation has
>> the admin user unless someone's gone in and changed the database, so an
>> attacker doesn't need to use this method to gain a hack-able account.
>> If we're really worried about the security of usernames and being able to
>> guess them, then we should do away with a default, unchangable administrator
>> username, instead of an indication that a username exists.
>> Will
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hack... at lists.automattic.comhttp://lists.automattic.com/mailman/listinfo/wp-hackers
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list