[wp-hackers] Maybe a secure-hole

scribu scribu at gmail.com
Thu Oct 9 10:40:52 GMT 2008


You can easily remove that link from your theme files (single.php et
co). No need to change anything in WordPress itself.

On Thu, Oct 9, 2008 at 11:25 AM, Frank Bueltge <frank at bueltge.de> wrote:
> When you include a link to the authro and activate the permalink, then
> you became a link to the login-name of the author.
> This is a secure-hole. Hackers use this login-namer and searc h for
> the password.
>
> examble:
> <a href="http://localhost/wpbeta/author/admin/" title="Posts by Frank
> Bueltge">Frank Bueltge</a>
>
> Link to:
> http://localhost/wpbeta/author/admin/
>
> admin is the login-name and the author had set the name in the Blog on
> your namen and surename.
>
> maybe it is possible to cahnge this in 2.7?
>
> * Sorry for my bad english, i hope your understand me.
> Best wishes
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>



-- 
http://scribu.net


More information about the wp-hackers mailing list