[resolved] Request! Please ad a few security features! (9 posts)

  1. Zeb
    Posted 4 years ago #

    1. There is a problem with WordPress that no time limit is provided for auto-logout regarding inactive users. It seems anybody can be on in days!
    2. Even if a user closes the browser or the computer goes in standby status, the user is still logged in when the browser is opened or the computer is waken up again.
    3. When login is unsuccessful, WordPress tells the user or a hacker exactly what is wrong. Username or the password which makes it much easier for anybody to continue hacking the account/site.

    Please Please do something about these issues in your next update!!!

  2. There's a plugin: http://wordpress.org/extend/plugins/auto-logout/

    Logins are held by your cookies, though, so that's more a browser feature.

  3. Zeb
    Posted 4 years ago #

    Thanks for the reply and the plugin link.

    But regarding the main issue, isn't it a risky approach if a cookie is copied through a trojan or something? It could be a security matter. Wouldn't that be a decision for admin if he could choose to allow such cookie feature or not in the blog?

  4. Yes, but that is, again, a browser issue (and in the case of a trojan, a computer issue). Worrying about WP having timeouts is like worrying that your bedroom door is unlocked. You should worry MORE about the house (i.e. your server).

  5. Zeb
    Posted 4 years ago #

    I understand. Thanks for your replay :)

    In case of server issues and file security, I appreciate if you could take a look at my other post regarding a suggested htaccess solution.

    Thank you in advance.

  6. The perishable press 5g firewall is in beta testing, and works mostly well (works great with WP, needs tweaks for other things). But recently I've stopped using it as it slowed my site down.

    htaccess isn't where I put my firewall effort in. I actually use ConfigServer Security & Firewall and let that handle most of the drama. I spend more time on SERVER security than WP :)

  7. Zeb
    Posted 4 years ago #

    Ok, I understand. I appreciate your reply. :)

    In my case I use a hosted server and can not use anything other than what the hosting company decides. Therefore, I'm trying to do my best to make it as secure as possible at least from my side.

  8. Zeb
    Posted 4 years ago #

    Thank you Ipstenu. :)

Topic Closed

This topic has been closed to new replies.

About this Topic