[wp-hackers] wordpress security
Stephen Rider
wp-hackers at striderweb.com
Mon Oct 19 19:34:11 UTC 2009

On Oct 19, 2009, at 1:30 PM, Ozh wrote:
> Another thing to consider might be legitimacy of such an email. I can
> predict naive users being tricked into downloading a fake archive from
> w0rdpresss.org because they received a forged email seemingly from
> wordpress at their-domain

Good point, although a cracker could do that right now.

If we do the email, it should only ever point back to the Admin
section of the blog in question, not a download link. (Similar to
legitimate emails from your bank that say "log in to your account to
see this information.")

--
Stephen Rider
http://striderweb.com/