Do not suggest a default username in wp-admin/install.php
|Reported by:||lovingboth||Owned by:|
By suggesting a user_name of 'admin' for the first user, install.php ensures that 'admin' is by far the most popular target for hack attempts on the almost certainly correct basis that it is probably by far the most popular user_name.
It, and the lack of any password quality enforcement or limiting access to wp-login.php after multiple failed attempts, directly contributes to the large number of hacked WordPress sites. I doubt very much that any WordPress developer would suggest 'admin' if a new user asked them directly what user_name to have, but this has been done via install.php for far too long.
Giving no default user_name will help protect new installations and force attackers to discover valid names.