[wp-trac] Re: [WordPress Trac] #5388: Author Permalink
(myblog.com/author/username/) does not help security
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 27 09:41:51 GMT 2007
#5388: Author Permalink (myblog.com/author/username/) does not help security
-------------------------+--------------------------------------------------
 Reporter:  enposte      |       Owner:  pishmishy
     Type:  enhancement  |      Status:  assigned
 Priority:  low          |   Milestone:  2.5
Component:  Security     |     Version:  2.3.1
 Severity:  minor        |  Resolution:
 Keywords:               |
-------------------------+--------------------------------------------------
Changes (by pishmishy):
* owner: anonymous => pishmishy
* status: new => assigned
Comment:
I'm pretty sure this is a duplicate of another ticket although I can't
seem to find it. Either that or it's been discussed to death on the
mailing list. :-)

As discussed, you don't need to know a user name to brute force an account.
I think that renaming the admin account achieves the task at some cost
("Log into your admin account.. I don't have an admin account."). Perhaps
the option of enforcing strong passwords would be useful?
--
Ticket URL: <http://trac.wordpress.org/ticket/5388#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software