[wp-hackers] Su for WP: wp-su (Was: Possible security patch)

Dion Hulse (dd32) wordpress at dd32.id.au
Sun Dec 6 04:55:19 UTC 2009 

On Sun, 06 Dec 2009 15:29:44 +1100, Ian Stewart <ian at themeshaper.com>  
wrote:

> The correct solution probably is to avoid
> using the admin account for posting. I'd argue though that most people do
> use the admin account for posting and will continue to whether or not it  
> is
> the correct solution. Even if they know it's the correct solution. Just  
> like
> people choose to use weak passwords

I've been working on a plugin the past few days for that exact reason,  
That a lot of users just use a Administrative account..

The idea? Wp-Su

Put simply, It adds an extra line of security to WordPress, No longer do  
you have an Administrative account, You have an account with minimal  
privledges -  Enough to let you write posts, edit posts, and do the  
majority of what you would do..
But in the event that you wish to change a blog option, Theres no need to  
log out and log into the admin account, Just hit the Su link, Type in the  
extra password (Which can(should) differ from you user account password),  
and all the administrative features are open (For a predetermined time,  
5minutes? 15, 30minutes).

I've had some people ask me flat out, Whats the point. Just use a Editor  
account. OR Why? Arnt people just going to sniff the Su password as well?

I came up with a simple list for that:
  1. Users should never use accounts which have more privledges than they  
require
  2. Users should only ever log into administrative accounts on  
computers/networks they trust 100%
  3. Users should never use the same password for everything
  4. Majority of keyloggers are generally only targetting User/password  
combinations

How many people know of a user who doesnt follow 1-3?
How many people know of a bank which no longer uses a username and  
password combo? And instead, Has an extra layer of security (Picture  
password for example, or SMS)? - Pretty much all of them.

Currently.. My plugin is unreleased, However, will be out by the time 2.9  
ships, will require WP 2.9, and whilst the UI integration isnt as good as  
i'd like (due to WP shortcomings in filters at present), Uses a extra text  
password (instead of Pictures/phrases/whatever), and is presently mainly a  
proof of concept.

Right now, The user enables the plugin, Selects which roles should have  
access to a Su environment, and select which caps should be protected by  
Su use (ie. Plugin, Blog, Theme and User options/edits should only be done  
by Su users, However Post publishing, page editing, etc can be done by a  
"normal" user).. I'm hoping to extend that to have a short wizard which  
prompts to user to set it up properly before release however.

Thoughts? Anyone want the Beta? (Email me off list please - It could do  
with some security testing before release.. Not sure i got the User Cookie  
100% right)

More information about the wp-hackers mailing list