I have released a new WordPress plugin today Login Error Cleanup. When you attempt to login to a WordPress account, you are given fairly specific error messages if you enter the username or password incorrectly. This can be helpful to an attacker if they are trying to guess usernames and/or passwords. This plugin simply returns the message “Error” if the combination submitted is not valid.

This plugin is generally only going to be useful for people running a blog that only has a few authors. “Security by obscurity” is generally not the greatest security method, but it has its place. You would want to use this plugin if the default WP super user is not the regular and expected “admin” user login, and your day to day blogging and commenting is done as a regular author user. If your admin user is not “admin,” an attacker will have a more difficult time hacking and cracking your WordPress. If anything, automated attacks would be much more likely to fail.

If you're new here, you may want to subscribe to my RSS feed. This allows you to read my newer articles without having to visit the site again. Thanks for visiting! Mike

This entry was posted on Thursday, April 3rd, 2008 at 11:47 am and is filed under Lec. You can leave a response, or trackback from your own site.