• atmospherecommunication

    (@atmospherecommunication)


    Hello,

    We are a French web agency and we use WordPress for every kind of website: shops, real estate websites, beautiful and neat websites, town hall websites, etc. We are dedicated to our work in order to offer the very best for our customers.

    Unfortunately, one of our customers recently pointed out a few security issues, or maybe a lack of security options, in the WordPress login process.

    #1: If someone tries to connect to the WordPress admin and the username is wrong, the password field is emptied. But if he tries a username that is an existing one, the password field isn’t emptied, which helps that person know that the username he tried to log in with is a valid one. As far as we know, you need to use Wordfence to fix this. This could be a standard behaviour.

    #2: WordPress allows a user to employ a password he already used before. If a user decides to change his password, WordPress will still allow him to utilize the exact same password he previously had to log in. WordPress does not archive former passwords to prevent this. A cool thing would be to not allow users to reuse a password they previously used. Some of our customers have asked for this to ensure the person behind their website changes his password regularly, as their internal regulations require. By the way, an administrator can’t set a password change request for the back-office users. That would be a neat feature to add in terms of security.

    #3: While logging in to the WordPress admin, a malicious person can read the password using a program like Wireshark that will show him the password unencrypted in the hexadecimal sheet. More security at this point would be great.

    #4: The retrieval method for a forgotten password could be more secure. If a malicious person has access to the email of the person, he can easily get the password. The best would be to add secret questions to this process (that could be an option for roles such as admins and editors, for instance).

    Thanks for your consideration.
    Keep up the good work.

    [ Link and signature moderated ]

Viewing 1 replies (of 1 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    *Reads*

    Those are good points. Here’s my take on them. All opinions are mine and not part of any group I may be part of.

    #1 is correctly handled by a plugin. It’s a UI thing and, while there is some data leakage, it’s not really a security feature. It just confirms that the account exists. The security is in the password, not the account ID.

    #2 Also best handled by a plugin, though I am at a loss to think of one that does that password hash storing. A security plugin may do that.

    This is also a UI thing. Sometimes users want to recycle passwords. Yes, that’s always a bad idea, but it’s a WordPress installation, not a Nuclear Launch Codes system.

    #3 I agree with you there, but that’s not a WordPress issue. Any credentials passed in the clear can eventually be obtained if you have enough time and CPU cycles.

    There are 2 ways to handle that. One way is to enforce 2FA on your admin accounts.

    https://codex.www.ads-software.com/Two_Step_Authentication

    Another way is to enforce TLS encryption on your site.

    https://codex.www.ads-software.com/Administration_Over_SSL

    I use both options.

    #4 I think that’s an interesting idea, but I’ve personally run afoul of companies that ask inane default questions. Custom questions entered by users? What if they pick poor questions?

    The current system does not transmit passwords but a reset link (I think it was introduced in 4.4?). It uses email because most installations and users have access to email.
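
    As an added example for this thread (not WordPress core code, not a published plugin, and not something either poster provided), here is what the password-history idea from point #2 looks like as a small must-use plugin built only on WordPress's public hooks. The constant names, the user-meta key and the function names are this example's own assumptions; the hooks (`user_profile_update_errors`, `validate_password_reset`, `profile_update`, `password_reset`) and the helpers (`wp_check_password`, `get_user_meta`, `update_user_meta`, `get_userdata`) are WordPress's.

```php
<?php
/**
 * Plugin Name: Password history check (added example for this thread)
 *
 * Keeps the last few password hashes per user in user meta and refuses a new
 * password that matches the current one or any stored former one. Written as
 * an illustration; not WordPress core and not a published plugin. Constant
 * names and the meta key are assumptions of this example.
 */

const PWH_HISTORY_LENGTH = 5;                      // former hashes kept per user (assumed policy)
const PWH_META_KEY       = '_pwh_previous_hashes'; // user-meta key (assumed name)

/**
 * True if $candidate equals the user's current password or any remembered one.
 * Only hashes are stored, so comparison goes through wp_check_password().
 */
function pwh_password_was_used( int $user_id, string $candidate ): bool {
	$user = get_userdata( $user_id );
	if ( ! $user ) {
		return false;
	}
	$hashes   = (array) get_user_meta( $user_id, PWH_META_KEY, true );
	$hashes[] = $user->user_pass; // the current hash counts as history too
	foreach ( $hashes as $hash ) {
		if ( is_string( $hash ) && '' !== $hash && wp_check_password( $candidate, $hash ) ) {
			return true;
		}
	}
	return false;
}

/** Append a superseded hash, keeping only the newest PWH_HISTORY_LENGTH entries. */
function pwh_remember_hash( int $user_id, string $hash ): void {
	$hashes   = array_filter( (array) get_user_meta( $user_id, PWH_META_KEY, true ) );
	$hashes[] = $hash;
	$hashes   = array_slice( array_values( $hashes ), -PWH_HISTORY_LENGTH );
	update_user_meta( $user_id, PWH_META_KEY, $hashes );
}

/** Shared error text for both entry points. */
function pwh_error_message(): string {
	return __( '<strong>Error</strong>: You have used that password before. Please choose a different one.' );
}

// Profile / "Edit User" screen: edit_user() fills $user->user_pass only when a new password was typed.
add_action( 'user_profile_update_errors', function ( WP_Error $errors, $update, $user ) {
	if ( $update && ! empty( $user->user_pass )
		&& pwh_password_was_used( (int) $user->ID, (string) $user->user_pass ) ) {
		$errors->add( 'pwh_reused', pwh_error_message() );
	}
}, 10, 3 );

// Lost-password reset form: the proposed password arrives as pass1; $user may be a WP_Error for a bad key.
add_action( 'validate_password_reset', function ( WP_Error $errors, $user ) {
	if ( $user instanceof WP_User && isset( $_POST['pass1'] )
		&& pwh_password_was_used( (int) $user->ID, (string) $_POST['pass1'] ) ) {
		$errors->add( 'pwh_reused', pwh_error_message() );
	}
}, 10, 2 );

// Record the old hash whenever a profile update actually changed the password.
add_action( 'profile_update', function ( $user_id, $old_user_data ) {
	$fresh = get_userdata( (int) $user_id );
	if ( $fresh && $old_user_data && $old_user_data->user_pass !== $fresh->user_pass ) {
		pwh_remember_hash( (int) $user_id, (string) $old_user_data->user_pass );
	}
}, 10, 2 );

// Reset flow bypasses profile_update; password_reset fires before wp_set_password(), so user_pass is still the old hash.
add_action( 'password_reset', function ( $user ) {
	if ( $user instanceof WP_User ) {
		pwh_remember_hash( (int) $user->ID, (string) $user->user_pass );
	}
}, 10, 1 );
```

    Dropped into wp-content/mu-plugins/ it loads on every request with no activation step. It stores only hashes in the same format the users table already holds, so a database dump learns nothing new from the history; the length of the history and whether to add forced expiry are policy choices left to the site. For the transport concern in #3, the Administration_Over_SSL page linked above documents the matching wp-config.php switch, FORCE_SSL_ADMIN.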

  • The topic ‘Suggestions for the login process and its overall security’ is closed to new replies.