[wp-hackers] Possible security patch

Brad Williams bradw at illiams.com
Mon Dec 7 14:10:55 UTC 2009

I'm all in favor of something like this ticket/patch:

Allowing the user to change the admin username during the installation


-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Peter Westwood
Sent: Monday, December 07, 2009 8:56 AM
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] Possible security patch

On 7 Dec 2009, at 08:32, Lynne Pope wrote:
> Agree with Ian here. Prompting to rename "admin" AND create another account
> for posting, recommending they use the Editor role for that second account.
> If there is going to be a prompt it really needs to spell things out,
> otherwise we'll see people creating a second user name ok, with admin
> privileges.

I'm not sure I understand the security benefit of renaming the admin  

You don't go round renaming the root account on a UNIX install to
improve security - you lock the account down with a secure password
and use it appropriately, working as a normal user as much as possible.

The process of creating an account for posting could be part of a
post-install guided process - maybe if you go to the Add New post screen
you get a message about creating a user to write posts with separate
from the admin user with a way to dismiss this message.

I think we need to carefully explore the best user experience on this
before we rush in and do something - maybe we need to work through a
couple of different wireframes on this.

Peter Westwood
http://blog.ftwr.co.uk | http://westi.wordpress.com
C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
