[wp-hackers] Possible security patch
Peter Westwood
peter.westwood at ftwr.co.uk
Mon Dec 7 13:56:20 UTC 2009
On 7 Dec 2009, at 08:32, Lynne Pope wrote:
>
> Agree with Ian here. Prompting to rename "admin" AND create another
> account for posting, recommending they use the Editor role for that
> second account.
>
> If there is going to be a prompt it really needs to spell things out,
> otherwise we'll see people creating a second user name ok, with admin
> privileges.
>
I'm not sure I understand the security benefit of renaming the admin
account.

You don't go round renaming the root account on a UNIX install to
improve security - you lock the account down with a secure password
and use it appropriately, working as a normal user as much as possible.

The process of creating an account for posting could be part of a
post-install guided process - maybe if you go to the Add New post screen
you get a message about creating a user to write posts with, separate
from the admin user, with a way to dismiss this message.

I think we need to carefully explore the best user experience on this
before we rush in and do something - maybe we need to work through a
couple of different wireframes on this.

Peter
--
Peter Westwood
http://blog.ftwr.co.uk | http://westi.wordpress.com
C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5