Request! Please ad a few security features!

Resolved Zeb
(@zeb-el)

12 years, 9 months ago

1. There is a problem with WordPress that no time limit is provided for auto-logout regarding inactive users. It seems anybody can be on in days!
2. Even if a user closes the browser or the computer goes in standby status, the user is still logged in when the browser is opened or the computer is waken up again.
3. When login is unsuccessful, WordPress tells the user or a hacker exactly what is wrong. Username or the password which makes it much easier for anybody to continue hacking the account/site.

Please Please do something about these issues in your next update!!!

Viewing 8 replies - 1 through 8 (of 8 total)

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

🏳️‍🌈 Advisor and Activist

12 years, 8 months ago

There’s a plugin: http://wordpress.org/extend/plugins/auto-logout/

Logins are held by your cookies, though, so that’s more a browser feature.

Thread Starter Zeb
(@zeb-el)

12 years, 8 months ago

Thanks for the reply and the plugin link.

But regarding the main issue, isn’t it a risky approach if a cookie is copied through a trojan or something? It could be a security matter. Wouldn’t that be a decision for admin if he could choose to allow such cookie feature or not in the blog?

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

🏳️‍🌈 Advisor and Activist

12 years, 8 months ago

Yes, but that is, again, a browser issue (and in the case of a trojan, a computer issue). Worrying about WP having timeouts is like worrying that your bedroom door is unlocked. You should worry MORE about the house (i.e. your server).

Thread Starter Zeb
(@zeb-el)

12 years, 8 months ago

I understand. Thanks for your replay 🙂

In case of server issues and file security, I appreciate if you could take a look at my other post regarding a suggested htaccess solution.

Thank you in advance.

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

🏳️‍🌈 Advisor and Activist

12 years, 8 months ago

The perishable press 5g firewall is in beta testing, and works mostly well (works great with WP, needs tweaks for other things). But recently I’ve stopped using it as it slowed my site down.

htaccess isn’t where I put my firewall effort in. I actually use ConfigServer Security & Firewall and let that handle most of the drama. I spend more time on SERVER security than WP 🙂

Thread Starter Zeb
(@zeb-el)

12 years, 8 months ago

Ok, I understand. I appreciate your reply. 🙂

In my case I use a hosted server and can not use anything other than what the hosting company decides. Therefore, I’m trying to do my best to make it as secure as possible at least from my side.

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

🏳️‍🌈 Advisor and Activist

12 years, 8 months ago

Read http://codex.wordpress.org/Hardening_WordPress 🙂

Thread Starter Zeb
(@zeb-el)

12 years, 8 months ago

Thank you Ipstenu. 🙂

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Request! Please ad a few security features!’ is closed to new replies.

Request! Please ad a few security features!

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics