[wp-hackers] Possible security patch
Tuna Can
tunamaxx at yahoo.com
Mon Dec 7 16:52:47 UTC 2009
Just a thought... What if by default the admin account was setup so that it could do any 'administrative' duties required, but just could not post?
In conjunction with something like the WP-SU plugin functionality mentioned earlier, the write post / page could provide a quick explanation and a prompt to swap to an appropriate user.
Or...
Somehow 'couple' a secondary user to the admin account. Logging in as an admin and making a post would just use the 'coupled' user without exposing the admin ID.
Excuse me if these ideas are out to lunch!
Thanks,
Tony
On 2009-12-07, at 5:20 AM, Ian Stewart <ian at themeshaper.com> wrote:
I'm for prompting the user to start another account AND no longer suggesting
admin be the user name.
On Mon, Dec 7, 2009 at 2:57 AM, Ozh <ozh at planetozh.com> wrote:
Mark Jaquith wrote:
I think I have a better method of tackling this issue: We now prompt
the user in the wp-admin when they are using the default install
password or a reset password. What about if we do a similar prompt if
"admin" is the only user on the blog, suggesting that they create a
second user name and use THAT for posting?
What about simply asking the user about renaming 'admin' to something more
personal?
Ozh
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers
--
Ian Stewart
http://ThemeShaper.com/
http://twitter.com/iandstewart/
http://ianstewart.stumbleupon.com/
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers
__________________________________________________________________
Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail. Click on Options in Mail and switch to New Mail today or register for free at http://mail.yahoo.ca
More information about the wp-hackers
mailing list