[resolved] Request! Please add a few security features! (9 posts)

  1. Zeb
    Member
    Posted 10 months ago #

    1. There is a problem with WordPress: no time limit is provided for auto-logout of inactive users. It seems anybody can be on for days!
    2. Even if a user closes the browser or the computer goes into standby, the user is still logged in when the browser is opened or the computer is woken up again.
    3. When login is unsuccessful, WordPress tells the user or a hacker exactly what is wrong: the username or the password, which makes it much easier for anybody to continue hacking the account/site.

    Please Please do something about these issues in your next update!!!
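
Added example, not part of the thread and not the code of the plugin linked in the reply below: a small plugin sketch covering the three points above using WordPress's `login_errors` and `auth_cookie_expiration` filters plus an idle check on `init`. The `EXAMPLE_*` constant names, the meta key and the time limits are assumptions.

```php
<?php
/**
 * Plugin Name: Example login hardening (added example, hypothetical)
 */

// Assumed policy values; adjust to the site's needs.
define( 'EXAMPLE_IDLE_LIMIT', 30 * MINUTE_IN_SECONDS );   // allowed inactivity
define( 'EXAMPLE_COOKIE_LIFETIME', 8 * HOUR_IN_SECONDS ); // maximum cookie validity
define( 'EXAMPLE_META_KEY', 'example_last_activity' );    // hypothetical meta key

// Point 3: show one generic message, whichever field was wrong.
// Note: this replaces every error shown on the login form.
add_filter( 'login_errors', function ( $error ) {
    return 'Login failed. Check your credentials and try again.';
} );

// Point 2: cap how long an auth cookie stays valid server-side,
// including cookies issued with "Remember Me".
add_filter( 'auth_cookie_expiration', function ( $seconds, $user_id, $remember ) {
    return min( $seconds, EXAMPLE_COOKIE_LIFETIME );
}, 10, 3 );

// Point 1: start the idle clock at login.
add_action( 'wp_login', function ( $user_login, $user ) {
    update_user_meta( $user->ID, EXAMPLE_META_KEY, time() );
}, 10, 2 );

// Point 1: on each request, log out if the user was idle too long.
add_action( 'init', function () {
    if ( ! is_user_logged_in() ) {
        return;
    }
    $user_id = get_current_user_id();
    $last    = (int) get_user_meta( $user_id, EXAMPLE_META_KEY, true );

    if ( $last && ( time() - $last ) > EXAMPLE_IDLE_LIMIT ) {
        delete_user_meta( $user_id, EXAMPLE_META_KEY );
        wp_logout();                         // clears the auth cookies
        wp_safe_redirect( wp_login_url() );
        exit;
    }
    // Still active: refresh the timestamp (one meta write per request).
    update_user_meta( $user_id, EXAMPLE_META_KEY, time() );
} );
```

The timestamp is stored per user, not per session, so activity in one browser keeps the same user's other sessions alive. Background admin-ajax requests from an open dashboard tab also count as activity in this sketch.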

  2. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 9 months ago #

    There's a plugin: http://wordpress.org/extend/plugins/auto-logout/

    Logins are held by your cookies, though, so that's more a browser feature.

  3. Zeb
    Member
    Posted 9 months ago #

    Thanks for the reply and the plugin link.

    But regarding the main issue, isn't it a risky approach if a cookie is copied through a trojan or something? It could be a security matter. Wouldn't that be a decision for the admin, if he could choose whether or not to allow such a cookie feature in the blog?

  4. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 9 months ago #

    Yes, but that is, again, a browser issue (and in the case of a trojan, a computer issue). Worrying about WP having timeouts is like worrying that your bedroom door is unlocked. You should worry MORE about the house (i.e. your server).

  5. Zeb
    Member
    Posted 9 months ago #

    I understand. Thanks for your reply :)

    In case of server issues and file security, I would appreciate it if you could take a look at my other post regarding a suggested htaccess solution.

    Thank you in advance.

  6. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 9 months ago #

    The Perishable Press 5G firewall is in beta testing, and works mostly well (works great with WP, needs tweaks for other things). But recently I've stopped using it as it slowed my site down.

    htaccess isn't where I put my firewall effort in. I actually use ConfigServer Security & Firewall and let that handle most of the drama. I spend more time on SERVER security than WP :)

  7. Zeb
    Member
    Posted 9 months ago #

    Ok, I understand. I appreciate your reply. :)

    In my case I use a hosted server and cannot use anything other than what the hosting company decides. Therefore, I'm trying to do my best to make it as secure as possible, at least from my side.

  8. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 9 months ago #

  9. Zeb
    Member
    Posted 9 months ago #

    Thank you Ipstenu. :)
