[wp-trac] [WordPress Trac] #24078: Remove 'admin' as default username in install

WordPress Trac noreply at wordpress.org
Mon Apr 15 04:23:46 UTC 2013


#24078: Remove 'admin' as default username in install
-----------------------------+------------------------------
 Reporter:  chrisrudzki      |       Owner:
     Type:  enhancement      |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Upgrade/Install  |     Version:  3.5
 Severity:  normal           |  Resolution:
 Keywords:  has-patch        |
-----------------------------+------------------------------

Comment (by ryansatterfield):

 Replying to [comment:15 chrisrudzki]:
 I'd like to address something you removed in an editsince a lot of people
 believe this isn't that important. "Not sure how it "majorly impacts"
 people already using the 'admin' username." The way this works is that the
 automated scripts look for the name admin and then starts brute-forcing
 the site. For more information on how this works read my companies article
 http://planetzuda.com/news/2013/04/14/wordpress-security-tips/.
 > Replying to [comment:14 ryansatterfield]:
 > >  This majorly impacts people who use the username Admin.
 Unfortunately, too many people use the default username. Maybe In 3.5.2
 when the person logs in, you could check to see if the username is admin
 and if it is, then let them reset it?  I'll work on a patch later, if
 someone doesn't beat me to it.
 >
 > I think checking if someone's already using the 'admin' username, and
 allowing them to change it, is outside the scope of this ticket. Changing
 usernames is specifically addressed in #14644

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/24078#comment:16>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list