[wp-hackers] wordpress security

Stephen Rider wp-hackers at striderweb.com
Mon Oct 19 19:34:11 UTC 2009


On Oct 19, 2009, at 1:30 PM, Ozh wrote:

> Another thing to consider might be legitimacy of such an email. I can
> predict naive users being tricked into downloading a fake archive from
> w0rdpresss.org because they received a forged email seemingly from
> wordpress at their-domain

Good point, although a cracker could do that right now.

If we do the email, it should only ever point back to the Admin
section of the blog in question, not a download link. (Similar to
legitimate emails from your bank that say "log in to your account to
see this information.")


-- 
Stephen Rider
http://striderweb.com/





