With Admins Still Choosing ‘Admin’, WordPress Password Troubles Continue(thecyberexpress.com)
thecyberexpress.com
With Admins Still Choosing ‘Admin’, WordPress Password Troubles Continue
https://thecyberexpress.com/weak-wordpress-passwords-hit-platform-security/
11 comments
WordPress has good amount of security features but only few know how to use them. The weak link always tend to be the easy to guess passwords. Sometime people just migrate the local copy as it is and forget to change the passwords post migration.
https://thecyberexpress.com/weak-wordpress-passwords-hit-pla...
Why haven't the WordPress developers just hardcoded something like "until you change the password to something other than admin, your site is only accessible from localhost"?
They need to sell their product.
[deleted]
They deserve it.
Weak passwords still remain WordPress's Achilles’s heel, as admin:admin remains common administration login and password combo
Perhaps one mitigating fix may be to add some code that checks password complexity and if the check fails the admin must either remediate the bad password, or be forced to add a configuration directive that says "I_KNOW_I_AM_DOING_SOMETHING_SILLY_AND_RECKLESS=true".
Is something like this possible in PHP?
Is something like this possible in PHP?
+ Change login URL from /wp-admin/ to something unique such as /custom-login. This stops the majority of bots as they usually only target /wp-admin
+ disable “admin” username
+ automatically block the IP address of any attempt to log in using “admin” username.
+ block IP address of x failed login attempts for y minutes.
This can be achieved by many free and commercial WordPress security plugins.