[wp-hackers] Possible security patch

Lynne Pope lynne.pope at gmail.com
Mon Dec 7 13:32:47 UTC 2009


2009/12/8 Ian Stewart <ian at themeshaper.com>

> I'm for prompting the user to start another account AND no longer
> suggesting admin be the user name.
>
> On Mon, Dec 7, 2009 at 2:57 AM, Ozh <ozh at planetozh.com> wrote:
>
> > Mark Jaquith wrote:
> > > I think I have a better method of tackling this issue: We now prompt
> > > the user in the wp-admin when they are using the default install
> > > password or a reset password. What about if we do a similar prompt if
> > > "admin" is the only user on the blog, suggesting that they create a
> > > second user name and use THAT for posting?
> >
> > What about simply asking the user about renaming 'admin' to something
> > more personal?
>

Agree with Ian here. Prompting to rename "admin" AND create another account
for posting, recommending they use the Editor role for that second account.

If there is going to be a prompt it really needs to spell things out,
otherwise we'll see people creating a second user name ok, with admin
privileges.

Lynne

