[wp-trac] [WordPress Trac] #27052: Known admin user_id ( = 1 ) could lead to security problems and/or unwanted side-effects
WordPress Trac
noreply at wordpress.org
Sun Feb 9 20:18:10 UTC 2014
#27052: Known admin user_id ( = 1 ) could lead to security problems and/or unwanted
side-effects
-------------------------------------------------+-------------------------
Reporter: ruud@… | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: 3.8
Severity: normal | Resolution:
Keywords: has-patch needs-testing 2nd-opinion | Focuses:
-------------------------------------------------+-------------------------
Comment (by ruud@…):
Thanks everyone for replying, I really appreciate it.
Replying to [comment:5 SergeyBiryukov]:
>
> It would still be trivial to find out an admin ID using a brute-force
> attack.
>
> So a random admin ID doesn't add any real protection and appears to be a
> security through obscurity technique, which we generally don't endorse.
Sergey, you're right; this won't stop a brute force attack, so if a good
example is put on the table, any proper fix for that case will be far
better than this approach with a random ID.
Just as a general remark, I think that a brute force attack is more likely
to get noticed sooner and is probably much easier to stop (or maybe even
prevented) at a firewall or application level than a quick hack via a
single point of failure.
Again I'm lacking any real examples, sorry.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27052#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform