[wp-hackers] Possible security patch
Harish Narayanan
harish.mlists at gmail.com
Mon Dec 7 08:50:30 UTC 2009
Mark Jaquith wrote:
>
> I think I have a better method of tackling this issue: We now prompt
> the user in the wp-admin when they are using the default install
> password or a reset password. What about if we do a similar prompt if
> "admin" is the only user on the blog, suggesting that they create a
> second user name and use THAT for posting?
And this second user wouldn't just be an admin-level user under a
different name; it would be a user with reduced privileges capable of
only basic day-to-day interactions with the admin interface of the blog?
(As has come up earlier in this thread.)
If so, I think this is a great idea. (Extrapolating from operating
system installs that do this all the time, dramatically improving their
security situation.)
Harish
More information about the wp-hackers
mailing list