[wp-hackers] Possible security patch
Lynne Pope
lynne.pope at gmail.com
Mon Dec 7 22:39:41 UTC 2009
This is kinda like killing a mosquito with a sledgehammer.
Suggestion:
Allow users to select admin username at install time.
On the introduction to WordPress post add a note:
"Before You Start Posting
Nothing on the web is 100% secure. The version of WordPress that you are
using is as secure as possible but you can harden security with one simple
step.
Log in to WordPress. Go to Users. Then create a new user account for
yourself, giving this account the Editor role.
Using this Editor account for posting makes your Administrator account
harder to identify."
I don't like the idea of allowing usernames to be changed from the backend
and feel that the only changes needed are the ability to input a custom
admin name plus some education.
Lynne