Opened 11 years ago
Closed 11 years ago
#33889 closed enhancement (wontfix)
disable admin username
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 4.3 |
| Component: | Users | Keywords: | 2nd-opinion dev-feedback |
| Focuses: | administration | Cc: |
Description
By default I think the admin username should be blocked to use. It is too big of a security vulnerability if someone uses the admin username.
Change History (2)
Note: See
TracTickets for help on using
tickets.
usernames are not private information in WordPress. This is a deliberate design decision. Therefore blocking the use of any specific username doesn't provide any noticeable benefit towards security. As of WordPress 3.7, the
adminusername is no longer the default, new installs need to purposefully choose admin as the username and people doing so should be assumed to know what they are doing.