[wp-testers] Incorrect Username / Incorrect Password
Stephen Rider
wp-hackers at striderweb.com
Fri Apr 4 17:35:47 GMT 2008
On Apr 3, 2008, at 10:33 AM, Michael Clark wrote:
> At 3:49 PM +0100 4/3/08, Daniel Woolstencroft wrote:
>> Is there an argument for _not_ having the default username as Admin?
>> Maybe as one of the install steps we ask what the default username
>> should be? Or include it in wp_config...?
>
> Yes, if the default WP super user is not the regular and expected
> "admin" user login, then an attacker will have a more difficult time
> hacking and cracking your WordPress. If anything, automated attacks
> would be much more likely to fail. In an ideal world, you would
> never post anything as the admin. Your day to day blogging and
> commenting would be done as a regular author user, not as a user with
> admin privileges.
>
> Mike
Is there anything in WordPress that _depends_ on the existence of a
user named "admin"? How about a user with id = 1 ?
Without knowing for sure, I'm guessing deleting user #1 might do bad
things. Going directly into MySQL and renaming him though sounds
relatively safe.
Thoughts?
Stephen
--
Stephen Rider
<http://striderweb.com/>