Archive for June, 2013

Downgraded the WP-Login threat and changed it to an opt-in fix

June 1, 2013

In my ongoing attempts to improve the security of WordPress and to clarify the brute-force threat, I have isolated the code for my login patch into an include file and added some notes to explain why the wp-login.php file comes up as a vulnerability.

I have also downgraded the severity of this threat and changed it to an "opt-in" fix instead of being marked in red and default checked for automatic repair. This is partly because I have perceived an ebbing of the brute-force attacks on WordPress sites that spiked a couple of months ago, but also because a moderator on wordpress.org suggested that I should not be modifying WordPress core files.

I will also be taking the "Dave" and other references from the movie 2001: A Space Odyssey out of the login patch because some people (not named Dave) didn't see the humor in it and I don't want to upset anyone.

Comments and suggestions are always welcome.
