[wp-hackers] Possible security patch

Nathan Rice ncrice at gmail.com
Sat Dec 5 16:20:29 UTC 2009


Nathan Rice
WordPress and Web Development
www.nathanrice.net | twitter.com/nathanrice

On Sat, Dec 5, 2009 at 10:38 AM, Ian Stewart <ian at themeshaper.com> wrote:

> Just wondered if I could get your opinion on a possible security patch I
> might try and write. I know WordPress is no fan of security through
> obscurity but as it stands right now, if you're publishing posts as the
> admin user, your login name can be harvested from the body_class and author
> URLs. Would there be any interest in seeing it patched to a sanitized
> display_name or nickname? I can't imagine how many WordPress sites are live
> with super-weak passwords and the admin login name just hanging out there.
> --
> Ian Stewart
> http://ThemeShaper.com/
> http://twitter.com/iandstewart/
> http://ianstewart.stumbleupon.com/
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list