[wp-hackers] Maybe a secure-hole

Otto otto at ottodestruct.com
Thu Oct 9 16:43:36 GMT 2008

The username is not protected information. The password is. Knowing
the username gets you no closer to finding the password, and is not a
security risk at all.

Along the same lines, changing the default "admin" to something else
is also not a security improvement. I generally do change it because I
like using a different login name, but it doesn't help security one
little bit.

Nobody ever hacks a WordPress blog by figuring out the username and password.

On Thu, Oct 9, 2008 at 7:26 AM, Frank Bueltge <frank at bueltge.de> wrote:
> ohyes. i write in many blogs over security in WP.
> The users must be change the default-admin and ther ID.
> My problem is not the default-userlogin admin, this was only a examble.
> This is with all users in WP. The function the_author_posts_link() use
> the login-name, wehn active the permalinks.
> best regards
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list