Permissions

Permissions

This time on web sites, or more specifically, within WordPress.

I discovered recently quite by accident, that you shouldn’t use your administrative un/pw to create content. It’s just a really bad practice. So I’ve spent a good bit of time today straightening that out.

If someone knows the user name of the admin of a site, they can just start brute forcing the password to come up with a way to log in to the site.

This makes perfect sense of course, and is one of the things that needs to be fixed in most WordPress Installations for this issue to be mitigated. But just generally, it’s good not to do your day-to-day blogging with your site admin account. And since I knew this and I could use the reminder, I thought maybe someone else could also.