WordPress.org

Ready to get started?Download WordPress

Forums

Removind default admin (5 posts)

  1. MarjoriesDaughter
    Member
    Posted 1 year ago #

    Having an admin account with the default user name is a security risk. Is there a way to reassign the default to another admin or at least change the admin name without going into the database?

  2. esmi
    Forum Moderator
    Posted 1 year ago #

    Having an admin account with the default user name is a security risk.

    No it isn't. The real security of the login lies with your password - not your username. However, there's nothing stopping you from setting up another admin user, logging in as the second admin and deleting the original admin.

  3. MarjoriesDaughter
    Member
    Posted 1 year ago #

    The delete worked. My fault for not logging out :-) duh!

    I used to think that the user name didn't matter, but a login is the combination of a user name and password. When one of those is obvious, you have lost a lot of the security of the combination. I have a couple of web security books that discuss this type of issues.

  4. esmi
    Forum Moderator
    Posted 1 year ago #

    They might well do but that really doesn't apply to a WordPress site. As soon as you start linking to any author, their username will be exposed in the url.

  5. MarjoriesDaughter
    Member
    Posted 1 year ago #

    That is true! However, it is another step for an attacker to garnish all your author user names off the website and then use them. If you have your admin user set as admin, that is one step they don't have to do.

    There is no "magic bullet" in security. It's a little bit of this and a little bit of that.

Topic Closed

This topic has been closed to new replies.

About this Topic