[wp-trac] [WordPress Trac] #24078: Remove 'admin' as default username in install
WordPress Trac
noreply at wordpress.org
Sat Apr 13 20:56:55 UTC 2013
#24078: Remove 'admin' as default username in install
-----------------------------+------------------------------
Reporter: chrisrudzki | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: trunk
Severity: major | Resolution:
Keywords: has-patch |
-----------------------------+------------------------------
Comment (by chrisrudzki):
Replying to [comment:2 mark-k]:
> I don't think this is major in any way. User names in wordpress are
> public knowledge (can be retrieved from author page url) so while I agree
> that there is no reason to have a default user name, it doesn't add much
> security (I guess that is the point of this ticket).

It's low hanging fruit. Many people are suggesting that users change their
usernames away from "admin" anyway (e.g.,
http://ma.tt/2013/04/passwords-and-brute-force/), so let's encourage users
to not use it in the first place.

I don't know how "much" security it adds. But my impression is that the
current crop of bots are trying sites with "admin" usernames.

Regardless of whether the username is discoverable, this is a pretty
simple step that'll either add some protection or, in the worst case given
more sophisticated bots, no extra protection. It's also worth considering
that many users will probably keep their usernames around for a while, so
it's worth addressing this sooner than later.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24078#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software