by zirkonit
4148 days ago
#2 is awful and is damaging for the Internet as a whole and a big oversight on Automattic's part. “admin” as a default username + lack of out-of-the-box rate limiting of incorrect login attempts + default login page address means that any WordPress blog is brute-forceable. WP blogs are overtaken by malicious entities all the time, every day; they are used for SEO purposes and to spread malware. I would be hard-pressed to estimate the actual spread of the problem, but a significant share of all malware online is spread precisely by the overtaken WordPress blogs.