[wp-testers] Incorrect Username / Incorrect Password
Xel
xel at netgra.de
Fri Apr 4 20:13:05 GMT 2008
you may delete, rename or just give it a passwort no one would ever guess.
If you delete it there will be no negative effects (tested from 2.0 up to WP
2.5) if you rename it this wouldn't be as secure as deleting, but it will
give you a good bite of security. No negative effects known - but I never
did this. Nobody needs to know the ID of your admin user ;-)
2008/4/4, Stephen Rider <wp-hackers at striderweb.com>:
>
>
> On Apr 3, 2008, at 10:33 AM, Michael Clark wrote:
>
> > At 3:49 PM +0100 4/3/08, Daniel Woolstencroft wrote:
> >
> > > Is there an argument for _not_ having the default username as Admin?
> > > Maybe
> > > as one of the install steps we ask what the default username should
> > > be? Or
> > > include it in wp_config...?
> > >
> >
> > Yes, if the default WP super user is not the regular and expected
> > "admin" user login, then an attacker will have a more difficult time hacking
> > and cracking your WordPress. If anything, automated attacks would be much
> > more likely to fail. In an ideal world, you would never post anything as the
> > admin. Your day to day blogging and commenting would be done as a regular
> > author user, not as user with admin privileges. Mike
> >
>
> Is there anything in WordPress that _depends_ on the existence of a user
> named "admin"? How about a user with id = 1 ?
>
> Without knowing for sure, I'm guessing deleting user #1 might do bad
> things. Going directly into MySQL and renaming him though sounds relatively
> safe.
>
> Thoughts?
>
> Stephen
>
>
> --
> Stephen Rider
> <http://striderweb.com/>
>
>
>
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
>
More information about the wp-testers
mailing list