WordPress User Security

Out of the box, WordPress has a weakness when it comes to user security.

An attempt to log in with a valid username (but an incorrect password) gives away that an account exists with that username, and author archives use the user login as the URL in the format site.com/author/{username}.

I’ve put together a quick plugin that remedies these issues; this:

  • Disguises login errors with a generic message
  • Disables author archives
  • Changes author links to the homepage
  • Changes author posts links to the site name / site URL

It’s pretty basic stuff but has led to a 300% decrease in login attempts using a valid username on this site alone. I’m in the process of getting this packaged up and onto WordPress.org – in the meantime you can download this here from GitHub Gist.

Download Now
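For readers who want to see how the four measures listed above map onto WordPress hooks, here is an added sketch; it is not the plugin from the Gist. The `example_ueh_` function names, the wording of the generic message and the choice to redirect author archives to the homepage are assumptions.

```php
<?php
/**
 * Plugin Name: User Enumeration Hardening (illustrative example)
 * Description: Added example for this post, not the author's plugin.
 */

// 1. Disguise login errors: every error on wp-login.php gets the same
//    text, so a wrong password and an unknown username look identical.
add_filter( 'login_errors', 'example_ueh_generic_login_error' );
function example_ueh_generic_login_error( $error ) {
    return __( 'The username or password you entered is incorrect.' );
}

// 2. Disable author archives. Priority 1 runs before core's
//    redirect_canonical (priority 10), which would otherwise answer
//    ?author=N with a redirect to /author/{username}/.
add_action( 'template_redirect', 'example_ueh_block_author_archives', 1 );
function example_ueh_block_author_archives() {
    if ( is_author() ) {
        // Assumption: send visitors to the homepage rather than a 404.
        wp_safe_redirect( home_url( '/' ), 301 );
        exit;
    }
}

// 3. Point every generated author URL at the homepage, so themes and
//    feeds stop printing /author/{username}.
add_filter( 'author_link', 'example_ueh_author_link_to_home' );
function example_ueh_author_link_to_home( $link ) {
    return home_url( '/' );
}

// 4. Replace the "posts by author" link markup with the site name
//    linked to the site URL.
add_filter( 'the_author_posts_link', 'example_ueh_author_posts_link' );
function example_ueh_author_posts_link( $html ) {
    return sprintf(
        '<a href="%s">%s</a>',
        esc_url( home_url( '/' ) ),
        esc_html( get_bloginfo( 'name' ) )
    );
}
```

This touches only the surfaces named in the list above; anything else that outputs the user slug, such as the REST API users endpoint, needs its own handling.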

Speaking at WordCamp Manchester

After my talk at WordCamp Brighton in July, I’ve been invited to talk at WordCamp Manchester about Multisite.

This is the same talk I gave in Brighton – Lessons Learned Using WordPress Multisite.

In this talk I’ll be highlighting some of the key differences compared with a standard WordPress install, along with some of the lessons I’ve learned along the way.

This talk is suitable for beginners and intermediate developers.

Slides

Slides will be available after the presentation

Video

The video will be available on WordPress.tv soon!

Speaking at WordCamp Brighton

As Head of Support at one of the UK’s largest WordPress development companies, I spend a fair amount of time working on complex or technical functionality for our clients.

I’ve been invited to speak at WordCamp Brighton 2016 about WordPress Multisite.

In this talk I’ll be highlighting some of the key differences compared with a standard WordPress install, along with some of the lessons I’ve learned along the way.

This talk is suitable for beginners and intermediate developers.

Slides

Video