[wp-hackers] Possible security patch

Austin Matzko if.website at gmail.com
Mon Dec 7 14:06:31 UTC 2009


On Mon, Dec 7, 2009 at 7:56 AM, Peter Westwood
<peter.westwood at ftwr.co.uk> wrote:
> You don't go round renaming the root account on a UNIX install to improve
> security - you lock the account down with a secure password and use it
> appropriately working as a normal user as much as possible

Actually, it's considered good security practice to disable root SSH
logins.  My servers' logs are filled with automated attempts from
around the world to log in with "root"; it's seemingly non-stop, but
none of those bots are trying the user I actually use to administrate
with.  Denying root logins significantly reduces the (already
unlikely) possibility that one of the bots will succeed in guessing
the necessary credentials.
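
Added example, not part of the original post: a Python sketch that tallies failed SSH password attempts per username from sshd log lines and reads the global PermitRootLogin value from an sshd_config. The log lines, config fragment, host name and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the OpenSSH sshd syslog format (not from the post).
SAMPLE_AUTH_LOG = """\
Dec  7 13:58:01 web1 sshd[4101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Dec  7 13:58:04 web1 sshd[4103]: Failed password for root from 203.0.113.5 port 40130 ssh2
Dec  7 13:58:09 web1 sshd[4107]: Failed password for invalid user admin from 198.51.100.7 port 51514 ssh2
Dec  7 13:59:12 web1 sshd[4110]: Failed password for root from 192.0.2.44 port 33210 ssh2
Dec  7 14:01:30 web1 sshd[4120]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
"""

# Constructed sshd_config fragment (a commented-out line must not count).
SAMPLE_SSHD_CONFIG = """\
# PermitRootLogin yes
Port 22
PermitRootLogin no
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+)")

def failed_logins_by_user(log_text):
    """Count failed password attempts per targeted username."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts

def permit_root_login(config_text):
    """Return the global PermitRootLogin value, or None if it is not set.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and anything after a Match line is conditional.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break
        if parts[0].lower() == "permitrootlogin" and len(parts) == 2:
            return parts[1].strip().lower()
    return None  # unset: the compiled-in default of the installed version applies

if __name__ == "__main__":
    print(failed_logins_by_user(SAMPLE_AUTH_LOG).most_common())
    print("PermitRootLogin:", permit_root_login(SAMPLE_SSHD_CONFIG))
```

A `None` result means the setting is left to the installed OpenSSH version's default, which should be checked rather than assumed.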

