Author role capabilities
-
I say 3.6 because I have a bucketful of sites and they are not all on support contracts so 3.6 is the oldest version in use.
I install Limit Login Attempts by default on all my sites and it is surprising how many brute force attacks there are out there. I don’t generally allow Admin roles to author posts so attempting hackers are generally using Author (and Editor) user names to try and get in.
Limit Login Attempts is a pretty good defence against brute force attacks but some come from a lot of IP addresses so it is not outside the realm of possibility that someone might succeed with an insecure password.
So the question; what damage if any can be done by someone logged in as Author or Editor?
Treat this post also as a wake up call, if you don’t have some kind of plugin to limit logins then you should, even if just to show you how often hackers attempt to get in.
- The topic ‘Author role capabilities’ is closed to new replies.