Author: Aaron D. Campbell

In Support of Stronger Passwords – Not Secret Usernames

I can discover usernames in WordPress, which means I’m halfway to compromising an account. It’s a common security report. The details vary – sometimes they find usernames through CSS classes, sometimes they’re using enumeration, sometimes it’s from a REST API endpoint – but the real problem is that the underlying logic is flawed. WordPress has […]