[wp-hackers] Limit Login Attempts

Robert Pendell shinji at elite-systems.org
Thu Apr 25 22:52:50 UTC 2013


What I used to do was to create a new user and give that admin rights then
restrict the rights on the admin account to the lowest available.  That way
if they did manage to hack into it then they only wasted their time.

Robert Pendell
shinji at elite-systems.org
A perfect world is one of chaos.


On Thu, Apr 25, 2013 at 6:49 PM, Chris Williams <chris at clwill.com> wrote:

> Excellent post, Otto.
>
> There is one exception to this, as most here know.  The username "admin"
> has been the de facto "super user" for WP for years.  Yes, I know that's
> no longer the case.  But as I have found on my sites, this has led to 99%
> of the brute force attacks I'm seeing being against the "admin" username.
> This is true on sites where admin has never posted, and even on those
> where the admin account does not exist.
>
> This is just to say, if you haven't removed the "admin" username, you're
> probably asking for trouble.
>
> Chris
>
> On 4/24/13 5:07 PM, "Otto" <otto at ottodestruct.com> wrote:
>
> >On Wed, Apr 24, 2013 at 6:20 PM, Mark Costlow <cheeks at swcp.com> wrote:
> >
> >First, note that users without published posts will not get the
> >redirect from the ?author=N requests. Only published authors will. So
> >don't publish using admin credentials and this is mitigated.
> >
> >On a wider note, however, usernames are not meant to be considered
> >private information, and efforts to hide or treat them as private are
> >misguided and potentially harmful. I realize that this is
> >counter-intuitive, so allow me to explain:
>
> Trimmed only for brevity...
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
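
A defender-side check for the two behaviours discussed in this thread (`?author=N` requests and repeated login attempts), added here as an example; it is not code from the thread or from WordPress. It assumes "combined" format access logs and treats any 3xx answer to `?author=N` as the redirect Otto describes; the `scan` name, the thresholds and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in "combined" access-log format (documentation IP ranges).
SAMPLE_LOG = "\n".join(
    ['203.0.113.7 - - [25/Apr/2013:22:40:0%d +0000] "GET /?author=%d HTTP/1.1" %d 0 "-" "-"'
     % (n, n, 301 if n in (1, 3) else 404) for n in range(1, 5)]
    + ['198.51.100.9 - - [25/Apr/2013:22:41:0%d +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"'
       % n for n in range(6)]
    + ['192.0.2.10 - - [25/Apr/2013:22:42:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"',
       '192.0.2.10 - - [25/Apr/2013:22:42:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"']
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
AUTHOR_RE = re.compile(r'(?:^|&)author=(\d+)(?:&|$)')


def scan(log_text, min_author_ids=3, min_login_posts=5):
    """Flag IPs that walk author IDs or post repeatedly to wp-login.php."""
    probed = defaultdict(set)      # ip -> author IDs requested
    redirected = defaultdict(set)  # ip -> IDs answered with a 3xx (published author)
    logins = defaultdict(int)      # ip -> POSTs to wp-login.php in this log
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, target, status = m.groups()
        path, _, query = target.partition("?")
        hit = AUTHOR_RE.search(query)
        if hit:
            probed[ip].add(int(hit.group(1)))
            if status.startswith("3"):
                redirected[ip].add(int(hit.group(1)))
        elif method == "POST" and path.endswith("/wp-login.php"):
            logins[ip] += 1
    return {
        "author_enumeration": {
            ip: {"probed": sorted(ids), "redirected": sorted(redirected[ip])}
            for ip, ids in probed.items() if len(ids) >= min_author_ids},
        "login_bursts": {ip: n for ip, n in logins.items() if n >= min_login_posts},
    }


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The `redirected` list shows which author IDs answered with a redirect, that is, the accounts with published posts; access logs do not record the submitted username, so confirming that attempts target "admin" needs application-level logging.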

