WordPress 3.0 Adds Better Security

by on 06/21/2010 in Security, WordPress

In light of the current security issues, the WordPress developers have put more emphasis on security in the newly released WordPress 3.0.

The new welcome screen now has improved security measures to defend against brute force attacks. It now has options for choosing a username and setting your own password.

In previous versions of WordPress the default username was automatically generated as “admin”. This was a security risk. After completing a WordPress install, users had to create a new username and then delete the default “admin” user for security against brute force attacks.

The new WordPress 3.0 Welcome screen


Brute force attacks are common, so you should also install the Login LockDown plug-in. Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, the login function is disabled for all requests from that range.
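An added sketch of the lockout logic described above (not Login LockDown's own code, and not from the original post): it counts failed logins per IP range in a sliding window and disables the range once the count is exceeded. The thresholds, the /24 and /64 range definitions, and the sample events are assumptions.

```python
import ipaddress
from collections import defaultdict, deque


class RangeLockout:
    """Sliding-window lockout keyed by IP range (thresholds are assumed values)."""

    def __init__(self, max_failures=3, window_s=300, lockout_s=3600):
        self.max_failures = max_failures    # lock when failures exceed this count
        self.window_s = window_s            # the "short period of time", in seconds
        self.lockout_s = lockout_s          # how long the range stays disabled
        self.failures = defaultdict(deque)  # range -> timestamps of recent failures
        self.locked_until = {}              # range -> time the lockout expires

    @staticmethod
    def ip_range(ip):
        # Assumption: a "range" is the /24 for IPv4 and the /64 for IPv6.
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 64
        return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

    def is_locked(self, ip, now):
        return now < self.locked_until.get(self.ip_range(ip), 0)

    def record_failure(self, ip, now):
        """Record one failed login; return True if it triggers a lockout."""
        key = self.ip_range(ip)
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > self.window_s:  # drop failures outside the window
            recent.popleft()
        if len(recent) > self.max_failures:
            self.locked_until[key] = now + self.lockout_s
            recent.clear()
            return True
        return False


# Constructed sample data: (timestamp in seconds, source IP) of failed logins.
SAMPLE_FAILURES = [
    (0, "203.0.113.10"), (20, "203.0.113.11"), (40, "203.0.113.12"),
    (60, "203.0.113.13"), (70, "198.51.100.7"), (500, "198.51.100.7"),
    (900, "198.51.100.7"), (1300, "198.51.100.7"),
]


def replay(events, guard):
    """Feed failures in time order; return the ranges that got locked out."""
    return [guard.ip_range(ip) for ts, ip in events
            if not guard.is_locked(ip, ts) and guard.record_failure(ip, ts)]
```

In the sample, four failures spread across different addresses in 203.0.113.0/24 trip the lockout, while the slow, widely spaced failures from 198.51.100.7 never accumulate inside the window.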

The biggest security risk is when people don’t follow best practices when selecting a password. Users should follow the password strength meter in WordPress 3.0. It’s best to mix in upper and lowercase characters with numbers and special characters. Your password should be at least 7 characters in length.

The new security features are great, but could have come sooner.


9 Responses to “WordPress 3.0 Adds Better Security”

  1. Andrew @ Blogging Guide

    Jun 22nd, 2010

    Well, as they say, better late than never…

    • Frank Jovine

      Jun 23rd, 2010

      Andrew,

      I hope they continue to put emphasis into security.

  2. Klaus

    Jun 23rd, 2010

    Hi this is great news – I have been waiting for that change for some time.

  3. J @ Vancouver Forum

    Jun 24th, 2010

    Good move, but a slow one at that..especially for such a leader in the realm of blogging software.

  4. Rohit Sane

    Jun 26th, 2010

    Security issues are okay.. Lock-Down is a cool system. But there are a lot of migration problems arising with the databases as we upgrade the WP version.. I felt it would have been better sticking with 2.9.2 version for some more time.

  5. isshmen

    Jun 27th, 2010

    I already use WordPress 3.0 ..this update is better than the other versions.. Good job!

  6. Alan

    Jul 5th, 2010

    I haven’t yet updated to WordPress 3.0, but I will proceed now. Thanks for the tip about Login Lockdown. It sounds like an essential tool.

  7. J Hook

    Jul 16th, 2010

    What I’ve not been able to find is a maximum length for a WordPress password and what characters are allowed or not allowed.

    WordPress should have a little hover “?” icon next to password, indicating what the rules are. I may well be mistaken, but it appears WordPress truncates long passwords to 15 characters.

    Also, a plugin like Chap Secure Login should be standard equipment for future WordPress to encrypt the password without the normal SSL requirement.

    • Frank Jovine

      Jul 16th, 2010

      J Hook,

      Good points and hopefully the WP Community will suggest such.