[wp-hackers] Maybe a secure-hole
scribu at gmail.com
Thu Oct 9 10:40:52 GMT 2008
You can easily remove that link from your theme files (single.php et
co). No need to change anything in WordPress itself.
On Thu, Oct 9, 2008 at 11:25 AM, Frank Bueltge <frank at bueltge.de> wrote:
> When you include a link to the authro and activate the permalink, then
> you became a link to the login-name of the author.
> This is a secure-hole. Hackers use this login-namer and searc h for
> the password.
> <a href="http://localhost/wpbeta/author/admin/" title="Posts by Frank
> Bueltge">Frank Bueltge</a>
> Link to:
> admin is the login-name and the author had set the name in the Blog on
> your namen and surename.
> maybe it is possible to cahnge this in 2.7?
> * Sorry for my bad english, i hope your understand me.
> Best wishes
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers