[wp-hackers] Possible security patch

[Tuna Can]

Just a thought... What if by default the admin account was setup so that it could do any 'administrative' duties required, but just could not post?

In conjunction with something like the WP-SU plugin functionality mentioned earlier, the write post / page could provide a quick explanation and a prompt to swap to an appropriate user. 

Or...

Somehow 'couple' a secondary user to the admin account. Logging in as an admin and making a post would just use the 'coupled' user without exposing the admin ID. 

Excuse me if these ideas are out to lunch!

Thanks,

Tony 




On 2009-12-07, at 5:20 AM, Ian Stewart <ian at themeshaper.com> wrote:

I'm for prompting the user to start another account AND no longer suggesting
admin be the user name.

On Mon, Dec 7, 2009 at 2:57 AM, Ozh <ozh at planetozh.com> wrote:

Mark Jaquith wrote:
I think I have a better method of tackling this issue: We now prompt
the user in the wp-admin when they are using the default install
password or a reset password. What about if we do a similar prompt if
"admin" is the only user on the blog, suggesting that they create a
second user name and use THAT for posting?

What about simply asking the user about renaming 'admin' to something more
personal?

Ozh
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers




-- 
Ian Stewart

http://ThemeShaper.com/
http://twitter.com/iandstewart/
http://ianstewart.stumbleupon.com/
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers



      __________________________________________________________________
Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail.  Click on Options in Mail and switch to New Mail today or register for free at http://mail.yahoo.ca