Should WordPress Add Options to Enhance Security or Leave it to plugin developers? [closed]

RE: Username – admin

Since version 3.0 the installer asks the user to provide a username for the main account, you obviously won’t get this option if you upgrade from an older version(because it’s not a new installation).

You can see an image of this here:
http://codex.wordpress.org/Installing_WordPress#Step_5:_Run_the_Install_Script

RE: Blocking malicious users

There’s no real effective way to do it, because any information you can obtain and hold about a user can be spoofed and changed within moments, you run the risk of blocking legitimate users.

RE: Failed login attempts

This could be useful, but there’s always the possibility a malicious user locks out an admin(or another user) from their own installation simply by purposely trying to login to that user’s account with invalid login credentials. Regulating the time between login attempts might help but in honestly any smart hacker would automate the procedure anyway and this becomes a moot point to some degree(but yeah sure, it will stop a few).

That’s just my opinion on those specific points, take it as you will.. 🙂

Related Posts:

  1. Verifying that I have fully removed a WordPress hack?
  2. If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
  3. Tips for finding SPAM links injected into the_content
  4. What should I do about hacked server?
  5. How can I find security hole in my wordpress site?
  6. How to prevent bot or someone to modify any file automatically?
  7. wp-config.php modified?
  8. Suspicious Files
  9. How to prevent wp-login brute force attack from thousand of different IP? [duplicate]
  10. Malware script in database post table only? [closed]
  11. Verifying that I have fully removed a WordPress hack?
  12. How can I safely hide the fact that my website runs on WordPress? [closed]
  13. My WordPress Websites are always under attack
  14. How to find exploited wordpress plugin [closed]
  15. Any known bugs that could cause disappearance of the wp_users table?
  16. On new server, site got hacked, permissions a bit strange? Please help
  17. Replace domain in database
  18. Remove hacked code – out of ideas! [closed]
  19. WordPress Database Re-installed (Hacked)
  20. Verifying that I have fully removed a WordPress hack?
  21. Could a user account with a stolen password compromised entire WP site?
  22. how to find the way they hacked my WP site
  23. How to stop repeated hack on header.php of custom theme? [closed]
  24. Is my WP site being hacked?
  25. WordPress Hacks/Defacing [closed]
  26. what is a auth_user_file.txt?
  27. How to view PHP on live site
  28. Is moving wp-config outside the web root really beneficial?
  29. Hide the fact a site is using WordPress?
  30. Best way to eliminate xmlrpc.php?
  31. Are Nonces Useless?
  32. What is the difference between esc_html filter vs attribute_escape filter?
  33. Which KSES should be used and when?
  34. How do WordPress Nonces Work?
  35. How can I easily verify a core or plugin update has not broken anything?
  36. Disable comment windows for all existing posts (pages/blogposts)
  37. How Attackers write script into my php files?
  38. Generate WordPress salt
  39. Stop wordpress automatically escaping $_POST data
  40. how can i embed wordpress backend in iframe
  41. Handling nonces for actions from guests to logged-in users
  42. Can I force a password change?
  43. How brute-forcer knows that the password is cracked for target username?
  44. What is pclzip.lib.php file that wordfence think it’s a malicious code
  45. Can someone (Support of my themeprovider) get access to my server If I send them my admin login?
  46. How to disable XML-RPC from Linux command-line in a total way?
  47. How to remove javascript malware in wordpress site [closed]
  48. Securing my WordPress Files and Directories
  49. Single sign-on: wp_authenticate_user vs wp_authenticate
  50. How to allow internal links using wp_kses filtration
  51. hSite has no css on mobile [closed]
  52. How does Cross Site Scripting (XSS) work exactly? [closed]
  53. How does the “authentication unique keys and salts” feature work?
  54. vs WordPress Security
  55. esc_html__ security : what for in this example?
  56. Using HTACCESS for Secret Access
  57. wp-config.php being written by attacker
  58. Definitive wordpress directory ownership and permissions on linux
  59. XML-RPC errors they know my username?
  60. Is [admin / admin] acceptable for all local websites?
  61. Simple Online Payment for Event Registration [closed]
  62. What may be causing failure of auto-install features in WordPress (v3.0.3)?
  63. Client side HTTP parameter pollution (reflected)
  64. Local file inclusion critical security issue [closed]
  65. Best practices to assert current_user_can() with guests
  66. XMLRPC slow and weird websites/services
  67. Are there security risks in working directly in the themes folder that builds into a theme folder?
  68. Is it safe to hand over the admin rights?
  69. How I can open back door for myself?
  70. Does meta-data need to be sanitized?
  71. How can I force a specific password?
  72. malware undetectable by multiple scans
  73. Are SVG image files safe to upload? Why WP defines them as a security risk? [duplicate]
  74. Who updates the wp-admin/core file?
  75. How WordPress sanitizes post content on save? Or it doesn’t?
  76. Does this code indicate an exploit?
  77. How can I restrict access to specific parts of a page, not just the page itself?
  78. Has anyone developed a anti-spam plugin to simply allow users to BLOCK whatever they wish to, but one that will also go easy on IP addresses?
  79. User generated content and security
  80. HSTS header not being added correctly
  81. how to protect wordpress content from crawler
  82. Can WordPress admin user + database credentials be used to gain Cpanel or FTP access?
  83. Should I worry about SQL injection when using REST API?
  84. Spam Registrations
  85. Links to root domain from search engines don’t work, but direct links and links from other referrers do
  86. How can I backup my site if it gets hacked?
  87. How can I have more confidence that WP plugins aren’t getting and storing user data?
  88. Avoid ‘uploads’ 777 permissions: Potential threat or clean solution?
  89. Secure Multiple WordPress Installations on shared hosting
  90. Any way to disable /wp-login.php redirecting to the site folder?
  91. Able to go to WordPress admin even after deleting auth cookies from request headers
  92. Is WordPress ready for GDPR compliance? [closed]
  93. Step by Step Instructions for Making Media/Uploads Private to Only Logged-In Users
  94. suspicious boolean.php file in wp web root [closed]
  95. Is this a WordPress security bug?
  96. Competitor is somehow accessing MetaData on a hidden WordPress site
  97. checking the form submit in right order
  98. Our security auditor is an idiot. How do I give him the information he wants?
  99. SSH keypair generation: RSA or DSA?
  100. WordPress – tracking options