[wp-hackers] Securing Wordpress Login
himself at arnebrachhold.de
Tue Aug 22 07:44:58 GMT 2006
> I'm all for blocking people from the login from after X fails, but changing
> passwords and forcing secure passwords is retarded IMO.
Definitely. I've never seen a web application / service which changed
my password without my request.
> Sure, a strength _indicator_ would be cool, but forcing?
No, never force it, just mark it as "Bad" so people can decide. Not
every blog needs a super-secure-10-chacrater password.
All we need is a solution to slow down automated attacks but without
annoying the actual user.
mail: himself at arnebrachhold.de
More information about the wp-hackers