[wp-hackers] Su for WP: wp-su (Was: Possible security patch)

Tuna Can tunamaxx at yahoo.com
Sun Dec 6 18:57:40 UTC 2009

For whatever my opinion is worth, WP-Su sounds like a great idea. Like most security-related practices, those that understand the benefits can partake, and those that don't care or are unaware can continue blissfully oblivious. ;)

On 2009-12-05, at 8:55 PM, "Dion Hulse (dd32)" <wordpress at dd32.id.au> wrote:

On Sun, 06 Dec 2009 15:29:44 +1100, Ian Stewart <ian at themeshaper.com> wrote:

The correct solution probably is to avoid
using the admin account for posting. I'd argue though that most people do
use the admin account for posting and will continue to whether or not it is
the correct solution. Even if they know it's the correct solution. Just like
people choose to use weak passwords

I've been working on a plugin the past few days for that exact reason: that a lot of users just use an administrative account.

The idea? Wp-Su

Put simply, it adds an extra line of security to WordPress. No longer do you have an administrative account; you have an account with minimal privileges - enough to let you write posts, edit posts, and do the majority of what you would do.
But in the event that you wish to change a blog option, there's no need to log out and log into the admin account. Just hit the Su link, type in the extra password (which can (should) differ from your user account password), and all the administrative features are open (for a predetermined time: 5 minutes? 15? 30 minutes?).

I've had some people ask me flat out: what's the point? Just use an Editor account. Or: why? Aren't people just going to sniff the Su password as well?

I came up with a simple list for that:
1. Users should never use accounts which have more privileges than they require
2. Users should only ever log into administrative accounts on computers/networks they trust 100%
3. Users should never use the same password for everything
4. The majority of keyloggers are generally only targeting user/password combinations

How many people know of a user who doesn't follow 1-3?
How many people know of a bank which no longer uses a username and password combo, and instead has an extra layer of security (a picture password, for example, or SMS)? - Pretty much all of them.

Currently, my plugin is unreleased. However, it will be out by the time 2.9 ships, will require WP 2.9, and whilst the UI integration isn't as good as I'd like (due to WP shortcomings in filters at present), it uses an extra text password (instead of pictures/phrases/whatever), and is presently mainly a proof of concept.

Right now, the user enables the plugin, selects which roles should have access to a Su environment, and selects which caps should be protected by Su use (i.e. plugin, blog, theme and user options/edits should only be done by Su users; however, post publishing, page editing, etc. can be done by a "normal" user). I'm hoping to extend that to have a short wizard which prompts the user to set it up properly before release, however.

Thoughts? Anyone want the beta? (Email me off list please - it could do with some security testing before release. Not sure I got the user cookie 100% right.)
wp-hackers mailing list
wp-hackers at lists.automattic.com
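The capability gating described in the quoted message, as an added illustration in PHP; this is not the wp-su plugin's own code, and the function names, meta keys and 15-minute window are assumptions. It uses WordPress's `user_has_cap` filter to withhold protected capabilities until a separately hashed Su password has been verified, and keeps the elevation expiry server-side in user meta rather than in a cookie.

```php
<?php
// Added example, not the wp-su plugin's code. Names and meta keys are hypothetical.
// Assumes it is loaded as a WordPress plugin file.

define( 'WPSU_WINDOW', 15 * 60 ); // elevation lifetime in seconds (assumed)

// Capabilities that only an elevated (Su) user may hold; assumed list.
function wpsu_protected_caps() {
    return array( 'manage_options', 'edit_plugins', 'switch_themes', 'edit_users' );
}

// Runs on every capability check: strip protected caps unless the
// user's Su window (stored server-side in user meta) is still open.
function wpsu_filter_caps( $allcaps, $caps, $args, $user ) {
    $until = (int) get_user_meta( $user->ID, 'wpsu_elevated_until', true );
    if ( $until >= time() ) {
        return $allcaps; // elevation active: leave the role's caps untouched
    }
    foreach ( wpsu_protected_caps() as $cap ) {
        unset( $allcaps[ $cap ] ); // a missing cap makes current_user_can() return false
    }
    return $allcaps;
}
add_filter( 'user_has_cap', 'wpsu_filter_caps', 10, 4 );

// Verify the separate Su password and open a time-limited window.
// Only the wp_hash_password() hash of the Su password is stored per user.
function wpsu_elevate( $user_id, $su_password ) {
    $hash = get_user_meta( $user_id, 'wpsu_password_hash', true );
    if ( ! $hash || ! wp_check_password( $su_password, $hash ) ) {
        return false; // wrong or unset Su password: privileges unchanged
    }
    update_user_meta( $user_id, 'wpsu_elevated_until', time() + WPSU_WINDOW );
    return true;
}

// End elevation early (a "leave Su" link) and whenever the user logs out;
// clear_auth_cookie fires while the current user is still set.
function wpsu_drop( $user_id ) {
    delete_user_meta( $user_id, 'wpsu_elevated_until' );
}
add_action( 'clear_auth_cookie', function () { wpsu_drop( get_current_user_id() ); } );
```

Because the expiry lives in user meta and is re-checked on every request, the browser never carries an elevation token that could be forged, which sidesteps the cookie-correctness worry raised at the end of the message.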
