[wp-hackers] Maybe a secure-hole

Aaron D. Campbell aaron at xavisys.com
Thu Oct 9 15:29:38 GMT 2008

To be fair, none of my blogs have a username of admin.  Neither do any 
of the WordPress installs that I do.

As for the topic at hand, the login name is the only thing for each user 
that is guaranteed to be unique except for the id, and that would make 
for some poor urls (/author/234). 

Viper007Bond wrote:
> This has been addressed many, many times before. Security through obscurity
> isn't real security, plus there are plenty of other ways to get usernames.
> Plus every single blog has "admin" so there's no real need to bother with
> other usernames.

More information about the wp-hackers mailing list