[wp-trac] [WordPress Trac] #6413: Add custom prefix to cookie-names
WordPress Trac
wp-trac at lists.automattic.com
Thu Mar 27 07:46:49 GMT 2008
#6413: Add custom prefix to cookie-names
-------------------------+--------------------------------------------------
Reporter: webrocker | Owner: anonymous
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Security | Version:
Severity: major | Keywords:
-------------------------+--------------------------------------------------
Only recently a new kind of exploit/attack started on WordPress blogs,
during which a directory is created inside "wp-contents" with several
HTML and JavaScript files. See:
http://cyberinsecure.com/wordpress-doorway-spam-attacks/
http://blogsecurity.net/wordpress/automated-wordpress-hacking-tool-cached-by-google/
http://www.village-idiot.org/archives/2008/03/18/wordpress-spam-inject-honeypot/
http://wordpress.org/support/topic/161723
One of the proposed ways to keep the attack out is to rename the cookies'
names, because the attack relies on the default cookie-names.
So I think maybe it would be a good idea to use the prefix-option from the
wp-config file and add that to the cookie name, and maybe to the default
admin-user's name as well?
--
Ticket URL: <http://trac.wordpress.org/ticket/6413>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software