[wp-hackers] Possible security patch

Ian Stewart ian at themeshaper.com
Sat Dec 5 15:38:22 UTC 2009


Just wondered if I could get your opinion on a possible security patch I
might try and write. I know WordPress is no fan of security through
obscurity but as it stands right now, if you're publishing posts as the
admin user, your login name can be harvested from the body_class and author
URLs. Would there be any interest in seeing it patched to a sanitized
display_name or nickname? I can't imagine how many WordPress sites are live
with super-weak passwords and the admin login name just hanging out there.

-- 
Ian Stewart

http://ThemeShaper.com/
http://twitter.com/iandstewart/
http://ianstewart.stumbleupon.com/
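
An added example, not part of the original post and not WordPress code: a self-audit that checks rendered pages for the two leak points the message names (the body class and author URLs) against your own list of login names. The `author-<slug>` class and `/author/<slug>/` URL shapes, the slug normalisation, and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed markup shapes: body class "author-<slug>" and links to "/author/<slug>/".
AUTHOR_CLASS = re.compile(r"^author-([A-Za-z0-9_-]+)$")
AUTHOR_URL = re.compile(r"/author/([^/?#]+)")


def slugify(login):
    """Rough approximation of how a login becomes a URL slug (assumption)."""
    return re.sub(r"[^a-z0-9_]+", "-", login.lower()).strip("-")


class AuthorSlugFinder(HTMLParser):
    """Collects (source, slug) pairs from <body class> and <a href>."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "body":
            for cls in (attrs.get("class") or "").split():
                m = AUTHOR_CLASS.match(cls)
                if m:
                    self.found.append(("body_class", m.group(1).lower()))
        elif tag == "a":
            m = AUTHOR_URL.search(attrs.get("href") or "")
            if m:
                self.found.append(("author_url", m.group(1).lower()))


def exposed_logins(html, logins):
    """Return sorted (source, slug) pairs whose slug matches one of our own logins."""
    known = {slugify(name) for name in logins}
    finder = AuthorSlugFinder()
    finder.feed(html)
    return sorted({pair for pair in finder.found if pair[1] in known})


# Constructed sample pages: slug equal to the login, then a slug derived from a display name.
SAMPLE_BEFORE = ('<html><body class="archive author author-admin">'
                 '<a href="http://example.test/author/admin/">Site Admin</a></body></html>')
SAMPLE_AFTER = ('<html><body class="archive author author-site-admin">'
                '<a href="http://example.test/author/site-admin/">Site Admin</a></body></html>')

if __name__ == "__main__":
    print(exposed_logins(SAMPLE_BEFORE, ["admin"]))
    print(exposed_logins(SAMPLE_AFTER, ["admin"]))
```
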

