[wp-trac] [WordPress Trac] #39645: If user "admin" doesn't exist (renamed admin account) users can create a user with username admin
WordPress Trac
noreply at wordpress.org
Fri Jan 27 02:47:30 UTC 2017
#39645: If user "admin" doesn't exist (renamed admin account) users can create a
user with username admin
--------------------------+------------------------------
Reporter: jobst | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 4.7.1
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by mrtortai):
There are millions of bots targeting WordPress login pages and 'admin' is
by far the most common username attempted. A common security
recommendation to harden an installation is to change the default 'admin'
username to something else.
There are security plugins available which let you block certain
usernames. However, I wonder, if WP core prevented 'admin' and
'administrator' from ever being used, how it would impact security as well
as usability.
I think it could be a boost to security with very little usability impact.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39645#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
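
Added example, not part of the original message or of WordPress core: one way a site can reserve the two usernames discussed above itself, using core's 'illegal_user_logins' filter. It assumes WordPress 4.4 or later, a file placed in wp-content/mu-plugins/, and that the original 'admin' account has already been renamed as in the ticket; example_reserved_logins() is a hypothetical helper name.

```php
<?php
/**
 * Plugin Name: Reserve privileged-looking usernames (added example)
 *
 * Assumption: loaded as a must-use plugin on WordPress 4.4 or later,
 * where the 'illegal_user_logins' filter is available.
 */

// Hypothetical helper: the logins this site refuses to hand out.
function example_reserved_logins() {
    return array( 'admin', 'administrator' );
}

// Core compares a requested login against this list case-insensitively,
// so 'Admin' and 'ADMIN' are refused as well.
add_filter( 'illegal_user_logins', function ( $logins ) {
    return array_unique( array_merge( (array) $logins, example_reserved_logins() ) );
} );

// The filter does nothing about accounts that already exist. Warn user
// managers if a reserved login is held by an account without admin rights.
add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'list_users' ) ) {
        return;
    }
    foreach ( example_reserved_logins() as $login ) {
        $user = get_user_by( 'login', $login );
        if ( $user && ! user_can( $user, 'manage_options' ) ) {
            printf(
                '<div class="notice notice-warning"><p>%s</p></div>',
                esc_html( sprintf(
                    'Account "%s" (ID %d) uses a reserved username but is not an administrator.',
                    $user->user_login,
                    $user->ID
                ) )
            );
        }
    }
} );
```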