[wp-hackers] Securing Wordpress Login

[Robert Deaton]

On 8/22/06, Dr Deviant <deviant at dr-deviant.net> wrote:
> Here's a thought - why not have some options in the core that allowed you to
> configure strength etc along the lines of the major policies that get used
> (history, character length, character content and repeatability etc) ?? I
> think someone mentioned a plug-in as well, but I have not seen any hooks
> around the password entry areas.

Plugins can do it, and they have. Read up in the list for the info on my plugin.

> It would be so nice to redefine the login page and control that process a
> little more. <sigh>
>
> Another issue is with the corporate entity. A lot of LARGE corporations
> require strong passwords as part of their externalised business model, and
> as such if the WP development team want the product to taken up by corporate
> out of the box, then someone needs to make them feel a little more loved.
> The easiest way here is to hook WordPress up to the corporate LDAP/AD
> service where all of the strength is handled for you, the corporation then
> has their warmer glowier feeling.

There are LDAP plugins for WordPress available. I'm not sure as to the
extent of the functionality, but they do exist.

-- 
--Robert Deaton