[wp-hackers] Maybe a secure-hole
Aaron D. Campbell
aaron at xavisys.com
Thu Oct 9 15:29:38 GMT 2008
To be fair, none of my blogs have a username of admin. Neither do any
of the WordPress installs that I do.
As for the topic at hand, the login name is the only thing for each user
that is guaranteed to be unique except for the id, and that would make
for some poor URLs (/author/234).
> This has been addressed many, many times before. Security through obscurity
> isn't real security, plus there are plenty of other ways to get usernames.
> Plus every single blog has "admin" so there's no real need to bother with
> other usernames.