[wp-hackers] Su for WP: wp-su (Was: Possible security patch)
Dion Hulse (dd32)
wordpress at dd32.id.au
Sun Dec 6 04:55:19 UTC 2009
On Sun, 06 Dec 2009 15:29:44 +1100, Ian Stewart <ian at themeshaper.com> wrote:
> The correct solution probably is to avoid using the admin account for
> posting. I'd argue though that most people do use the admin account for
> posting and will continue to whether or not it is the correct solution.
> Even if they know it's the correct solution. Just like people choose to
> use weak passwords
I've been working on a plugin the past few days for that exact reason,
that a lot of users just use an Administrative account..
The idea? Wp-Su
Put simply, it adds an extra line of security to WordPress. No longer do
you have an Administrative account; you have an account with minimal
privileges - enough to let you write posts, edit posts, and do the
majority of what you would do..
But in the event that you wish to change a blog option, there's no need to
log out and log into the admin account. Just hit the Su link, type in the
extra password (which can (should) differ from your user account password),
and all the administrative features are open (for a predetermined time,
5 minutes? 15, 30 minutes).
I've had some people ask me flat out, what's the point? Just use an Editor
account. Or why? Aren't people just going to sniff the Su password as well?
I came up with a simple list for that:
1. Users should never use accounts which have more privileges than they
require
2. Users should only ever log into administrative accounts on
computers/networks they trust 100%
3. Users should never use the same password for everything
4. The majority of keyloggers are generally only targeting user/password
combinations
How many people know of a user who doesn't follow 1-3?
How many people know of a bank which no longer uses a username and
password combo? And instead, Has an extra layer of security (Picture
password for example, or SMS)? - Pretty much all of them.
Currently.. my plugin is unreleased. However, it will be out by the time 2.9
ships, will require WP 2.9, and whilst the UI integration isn't as good as
I'd like (due to WP shortcomings in filters at present), it uses an extra text
password (instead of pictures/phrases/whatever), and is presently mainly a
proof of concept.
Right now, the user enables the plugin, selects which roles should have
access to a Su environment, and selects which caps should be protected by
Su use (i.e. plugin, blog, theme and user options/edits should only be done
by Su users; however post publishing, page editing, etc. can be done by a
"normal" user).. I'm hoping to extend that to have a short wizard which
prompts the user to set it up properly before release, however.
Thoughts? Anyone want the Beta? (Email me off list please - it could do
with some security testing before release.. Not sure I got the User Cookie
100% right)
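The capability gate described in this post, written out as an added PHP sketch. This is illustrative code and not the wp-su plugin itself (which was unreleased at the time of the post). It assumes: constructed names prefixed `wpsu_` (functions, the `_wpsu_expires` and `_wpsu_hash` user-meta keys, the `wpsu_roles` option), a constructed list of protected primitive capabilities, a fixed 15-minute window, and the four-argument form of the `user_has_cap` filter (WordPress 3.7 and later, not the 2.9 the post targets). Rather than giving the user a low-privilege account plus a separate admin account, it keeps the user's role and strips the protected capabilities at check time until a separate Su password has been entered; the elevation expiry lives in server-side user meta rather than in the user cookie, so a tampered cookie cannot extend it.

```php
<?php
/*
Plugin Name: Su-style capability gate (illustrative, not the wp-su plugin)
*/

// Constructed meta keys and option name; not from the original post.
define( 'WPSU_META_EXPIRES', '_wpsu_expires' ); // unix time when the Su window closes
define( 'WPSU_META_HASH', '_wpsu_hash' );       // hash of the separate Su password
define( 'WPSU_WINDOW_SECONDS', 15 * 60 );       // assumed window length

// Primitive caps that should only work inside a Su window. Constructed list
// matching the post's "plugin, blog, theme and user options/edits".
function wpsu_protected_caps() {
    return array(
        'manage_options', 'activate_plugins', 'edit_plugins', 'install_plugins',
        'switch_themes', 'edit_themes', 'edit_users', 'create_users', 'delete_users',
    );
}

// The window is open only if a server-side expiry is set and still in the future.
function wpsu_is_elevated( $user_id ) {
    $expires = (int) get_user_meta( $user_id, WPSU_META_EXPIRES, true );
    return $expires > time();
}

// user_has_cap runs inside WP_User::has_cap(); removing a cap from $allcaps
// makes every current_user_can() check that needs it fail.
function wpsu_filter_caps( $allcaps, $caps, $args, $user ) {
    if ( wpsu_is_elevated( $user->ID ) ) {
        return $allcaps;
    }
    foreach ( $caps as $cap ) {
        if ( in_array( $cap, wpsu_protected_caps(), true ) ) {
            unset( $allcaps[ $cap ] );
        }
    }
    return $allcaps;
}
add_filter( 'user_has_cap', 'wpsu_filter_caps', 10, 4 );

// Store the separate Su password hashed with WordPress' own password hasher,
// so it is never kept in clear text alongside the account password.
function wpsu_set_password( $user_id, $plain ) {
    update_user_meta( $user_id, WPSU_META_HASH, wp_hash_password( $plain ) );
}

// Open the window only if the Su password verifies against the stored hash.
function wpsu_try_elevate( $user_id, $plain ) {
    $hash = get_user_meta( $user_id, WPSU_META_HASH, true );
    if ( ! $hash || ! wp_check_password( $plain, $hash ) ) {
        return false;
    }
    update_user_meta( $user_id, WPSU_META_EXPIRES, time() + WPSU_WINDOW_SECONDS );
    return true;
}

// Close the window early (the equivalent of "exit" from a su shell).
function wpsu_drop( $user_id ) {
    delete_user_meta( $user_id, WPSU_META_EXPIRES );
}

// Form handler for the "Su" link: POST to admin-post.php?action=wpsu_elevate
// with a nonce and the su_password field. Only roles the site owner selected
// (stored in the constructed 'wpsu_roles' option) may open a window.
function wpsu_handle_elevate() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Not logged in.' );
    }
    check_admin_referer( 'wpsu_elevate' );
    $user          = wp_get_current_user();
    $allowed_roles = (array) get_option( 'wpsu_roles', array( 'editor' ) );
    if ( ! array_intersect( $allowed_roles, (array) $user->roles ) ) {
        wp_die( 'This role is not allowed to use Su.' );
    }
    $plain = isset( $_POST['su_password'] ) ? (string) wp_unslash( $_POST['su_password'] ) : '';
    $ok    = wpsu_try_elevate( $user->ID, $plain );
    wp_safe_redirect( add_query_arg( 'wpsu', $ok ? 'ok' : 'bad', admin_url() ) );
    exit;
}
add_action( 'admin_post_wpsu_elevate', 'wpsu_handle_elevate' );
```

The expiry check is done on every capability test rather than once at login, so the window closes on its own even if the user never clicks a "drop" link. Because `user_has_cap` strips the primitive caps after `map_meta_cap()` has run, the gate also covers meta capabilities such as `edit_user` that map onto `edit_users`.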