I suppose it’s not terribly surprising that WordPress are bad at security

Fact: If you try to leave a comment on a wordpress.com blog with an email address you have registered to a wordpress.com account, it will ask you to sign in.

Fact 2: wordpress.com allows you to have custom domains (I think this might be a paid feature, not that that matters).

Fact 3: If you combine the previous two facts, WordPress asks you to log in on the custom domain you are currently trying to leave a comment on.

Yes, that’s right. WordPress is asking you to put your account password into a third-party domain simply on the strength of it telling you that it’s a wordpress.com blog, honest for reals.

But I guess it’s OK. There’s totally a WordPress icon on the page where it asks you to log in, and there’s no way anyone could fake that.
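The check the login flow above throws away, as an added example that is not part of the original post: whether a page asking for the password is actually on the account provider's own origin, which is what a password manager compares before autofilling. `ACCOUNT_HOST`, the function name and the sample URLs are assumptions made for illustration.

```javascript
// Added example. ACCOUNT_HOST is an assumed value for illustration.
const ACCOUNT_HOST = "wordpress.com";

// Decide whether a page that asks for the account password is served
// from the account provider's own origin.
function checkLoginPrompt(pageUrl, accountHost = ACCOUNT_HOST) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return { trusted: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // URL parsing lowercases the host and splits off userinfo, so
  // "https://wordpress.com@blog.example/" yields hostname "blog.example".
  const host = url.hostname;
  if (host === accountHost) {
    return { trusted: true, reason: "exact match with account host" };
  }
  if (host.endsWith("." + accountHost)) {
    // Assumption: subdomains may be user-controlled blogs, so they are
    // not treated as the login origin.
    return { trusted: false, reason: "subdomain, not the account host" };
  }
  // A logo on the page changes nothing here: only the origin is checked.
  return { trusted: false, reason: "different domain: " + host };
}

// Constructed sample URLs, not taken from the post.
const samples = [
  "https://wordpress.com/login",             // provider's own origin
  "https://blog.example/login",              // custom domain, as in Fact 3
  "https://someblog.wordpress.com/login",    // subdomain
  "https://wordpress.com.blog.example/",     // lookalike prefix
  "https://wordpress.com@blog.example/",     // userinfo trick
  "http://wordpress.com/login",              // no TLS
];
for (const s of samples) {
  const r = checkLoginPrompt(s);
  console.log(`${r.trusted ? "TRUSTED  " : "UNTRUSTED"} ${s} (${r.reason})`);
}
```

Only the first sample passes; the custom-domain login prompt from Fact 3 fails the same test that a lookalike phishing domain fails.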

