[wp-hackers] WordPress can "leak" if a username is valid

Paolo Tresso / Pixline supporto at pixline.net
Tue Feb 19 10:14:02 GMT 2008

Il giorno 18/feb/08, alle ore 22:01, Will Brown ha scritto:

> Every single Wordpress installation has
> the admin user unless someone's gone in and changed the database, so  
> an
> attacker doesn't need to use this method to gain a hack-able account.

By the way, I usually make another account the superadmin, and de- 
privilege admin at all, like a subscriber. :-)
Call me paranoid, but it's just a little step to do.


Paolo Tresso (Pixline)
online media developer
techblog: http://pixline.net
skype: pixline

More information about the wp-hackers mailing list