[wp-trac] [WordPress Trac] #39645: If user "admin" doesn't exist (renamed admin account) users can create a user with username admin
WordPress Trac
noreply at wordpress.org
Fri Jan 20 04:42:22 UTC 2017
#39645: If user "admin" doesn't exist (renamed admin account) users can create a
user with username admin
--------------------------+-----------------------------
Reporter: jobst | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 4.7.1
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
I am not sure whether this is a bug, should be discussed or changed.
I have renamed my "admin" account to something else for security reasons.
I was surprised to see a person being able to create a user with username
"admin" due to the email address given "admin at example.com".
I cannot count the amount of script kiddies trying to get into the
installation everyday using 'admin' ... so having a user with username
"admin" it is a little bit of a security problem.
Should there not be a way to disable the creation of particular usernames?
Should this be done through wordpress core?
Would this not be a good feature to have that certain usernames cannot be
created?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39645>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list