[wp-trac] [WordPress Trac] #35817: Force users to set strong passwords
WordPress Trac
noreply at wordpress.org
Sat Sep 10 08:39:35 UTC 2016
#35817: Force users to set strong passwords
----------------------------+------------------------------
Reporter: ericlewis | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 0.71
Severity: normal | Resolution:
Keywords: 2nd-opinion | Focuses: ui
----------------------------+------------------------------
Comment (by lovingboth):
Replying to [comment:10 ericlewis]:
> * This may or may not align with project goals.
I hadn't realised that there are still people who prioritise 'user
friendliness' over security as a project goal.
WordPress has gotten better about this, but it's been a long road and
there's still some way to go before aspects aren't embarrassing. The
result can be seen in the millions and millions of hacked WP sites out
there.
Replying to [comment:12 ericlewis]:
> I would say that security is a feature, and protecting sites from basic
brute-force attacks make WordPress a better experience out-of-the-box.
Yes. Other examples would be stopping attackers from trying as many
username/password combos as they like before being slowed down, and
removing the ability to do hundreds of them at a time from xmlrpc.php -
see other tickets.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35817#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list