[wp-trac] [WordPress Trac] #24078: Remove 'admin' as default username in install
WordPress Trac
noreply at wordpress.org
Mon Apr 15 04:23:46 UTC 2013
#24078: Remove 'admin' as default username in install
-----------------------------+------------------------------
Reporter: chrisrudzki | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: 3.5
Severity: normal | Resolution:
Keywords: has-patch |
-----------------------------+------------------------------
Comment (by ryansatterfield):
Replying to [comment:15 chrisrudzki]:
I'd like to address something you removed in an edit since a lot of people
believe this isn't that important. "Not sure how it "majorly impacts"
people already using the 'admin' username." The way this works is that the
automated scripts look for the name admin and then start brute-forcing
the site. For more information on how this works read my company's article
http://planetzuda.com/news/2013/04/14/wordpress-security-tips/.
> Replying to [comment:14 ryansatterfield]:
> > This majorly impacts people who use the username Admin.
> > Unfortunately, too many people use the default username. Maybe in 3.5.2
> > when the person logs in, you could check to see if the username is admin
> > and if it is, then let them reset it? I'll work on a patch later, if
> > someone doesn't beat me to it.
>
> I think checking if someone's already using the 'admin' username, and
> allowing them to change it, is outside the scope of this ticket. Changing
> usernames is specifically addressed in #14644
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24078#comment:16>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software