WordPress.org

Support

Support » How-To and Troubleshooting » Removind default admin

Removind default admin

  • MarjoriesDaughter

    @marjoriesdaughter

    Having an admin account with the default user name is a security risk. Is there a way to reassign the default to another admin or at least change the admin name without going into the database?

Viewing 4 replies - 1 through 4 (of 4 total)
  • esmi

    @esmi

    Forum Moderator

    Having an admin account with the default user name is a security risk.

    No it isn’t. The real security of the login lies with your password – not your username. However, there’s nothing stopping you from setting up another admin user, logging in as the second admin and deleting the original admin.

    MarjoriesDaughter

    @marjoriesdaughter

    The delete worked. My fault for not logging out 🙂 duh!

    I used to think that the user name didn’t matter, but a login is the combination of a user name and password. When one of those is obvious, you have lost a lot of the security of the combination. I have a couple of web security books that discuss this type of issues.

    esmi

    @esmi

    Forum Moderator

    They might well do but that really doesn’t apply to a WordPress site. As soon as you start linking to any author, their username will be exposed in the url.

    MarjoriesDaughter

    @marjoriesdaughter

    That is true! However, it is another step for an attacker to garnish all your author user names off the website and then use them. If you have your admin user set as admin, that is one step they don’t have to do.

    There is no “magic bullet” in security. It’s a little bit of this and a little bit of that.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Removind default admin’ is closed to new replies.