[wp-hackers] Possible security patch

Harish Narayanan harish.mlists at gmail.com
Mon Dec 7 08:50:30 UTC 2009

Mark Jaquith wrote:
> I think I have a better method of tackling this issue: We now prompt
> the user in the wp-admin when they are using the default install
> password or a reset password. What about if we do a similar prompt if
> "admin" is the only user on the blog, suggesting that they create a
> second user name and use THAT for posting?

And this second user wouldn't just be an admin-level user under a
different name; it would be a user with reduced privileges capable of
only basic day-to-day interactions with the admin interface of the blog?
(As has come up earlier in this thread.)

If so, I think this is a great idea. (Extrapolating from operating
system installs that do this all the time, dramatically improving their
security situation.)


More information about the wp-hackers mailing list