[wp-trac] [WordPress Trac] #39645: If user "admin" doesn't exist (renamed admin account) users can create a user with username admin

WordPress Trac noreply at wordpress.org
Fri Jan 27 02:47:30 UTC 2017


#39645: If user "admin" doesn't exist (renamed admin account) users can create a
user with username admin
--------------------------+------------------------------
 Reporter:  jobst         |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Users         |     Version:  4.7.1
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------

Comment (by mrtortai):

 There are millions of bots targeting WordPress login pages and 'admin' is
 by far the most common username attempted. A common security
 recommendation to harden an installation is to change the default 'admin'
 username to something else.

 There are security plugins available which let you block certain
 usernames. However, I wonder if WP core prevented 'admin' and
 'administrator' from ever being used, how it will impact security as well
 as usability.

 I think it could be a boost to security with very little usability impact.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39645#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list