[wp-hackers] Securing Wordpress Login
deviant at dr-deviant.net
Tue Aug 22 15:38:07 GMT 2006
Here's a thought - why not have some options in the core that allowed you to
configure strength etc along the lines of the major policies that get used
(history, character length, character content and repeatability etc) ?? I
think someone mentioned a plug-in as well, but I have not seen any hooks
around the password entry areas.

It would be so nice to redefine the login page and control that process a
little more. <sigh>

Another issue is with the corporate entity. A lot of LARGE corporations
require strong passwords as part of their externalised business model, and
as such if the WP development team want the product to be taken up by corporate
out of the box, then someone needs to make them feel a little more loved.

The easiest way here is to hook WordPress up to the corporate LDAP/AD
service where all of the strength is handled for you, the corporation then
has their warmer glowier feeling.

----- Original Message -----
From: "Arne Brachhold" <himself at arnebrachhold.de>
To: <wp-hackers at lists.automattic.com>
Sent: Tuesday, August 22, 2006 8:44 AM
Subject: Re: [wp-hackers] Securing Wordpress Login
> Viper007Bond wrote:
>> I'm all for blocking people from the login from after X fails, but
>> passwords and forcing secure passwords is retarded IMO.
> Definitely. I've never seen a web application / service which changed
> my password without my request.
>> Sure, a strength _indicator_ would be cool, but forcing?
> No, never force it, just mark it as "Bad" so people can decide. Not
> every blog needs a super-secure-10-character password.
> All we need is a solution to slow down automated attacks but without
> annoying the actual user.
> Arne Brachhold
> mail: himself at arnebrachhold.de
> web: http://www.arnebrachhold.de/