User level security

  • Hi folks,

    What is the general consensus on password strength for authors/contributors/subscribers?

    Wordfence is saying some of our authors have weak passwords. My first thought was to just ignore this, but I started wondering. Have there ever been cases where an attacker has elevated author/contributor/subscriber privileges to admin level? Or is there any other way an author can do serious damage (beyond merely deleting/defacing that particular author’s articles)?

    Thanks.

Viewing 1 replies (of 1 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    It’s important for all users to have secure passwords. Someone with the intention of doing damage will probably find a way how to, so it’s best that they don’t have author (or any) privileges. Once the hacker compromises your installation then that will affect all of your role types.

    • This reply was modified 8 years, 5 months ago by Andrew Nevins.
Viewing 1 replies (of 1 total)
  • The topic ‘User level security’ is closed to new replies.

Tags