Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. WordPress (Developer)
  3. Make the user creating a Wordpress (Developer Edition) site the 1st Administrator user

Make the user creating a Wordpress (Developer Edition) site the 1st Administrator user

Scheduled Pinned Locked Moved WordPress (Developer)
12 Posts 6 Posters 1.6k Views 6 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • robiR Offline
    robiR Offline
    robi
    wrote on last edited by
    #2

    I solved this by creating a wp0 "template" install that has all this and more completed, from which you clone every new site. Very handy.

    Conscious tech

    marcusquinnM 1 Reply Last reply
    4
    • robiR robi

      I solved this by creating a wp0 "template" install that has all this and more completed, from which you clone every new site. Very handy.

      marcusquinnM Offline
      marcusquinnM Offline
      marcusquinn
      wrote on last edited by
      #3

      @robi Sorta, but then that needs to be maintained on each Cloudron

      Web Design https://www.evergreen.je
      Development https://brandlight.org
      Life https://marcusquinn.com

      robiR 1 Reply Last reply
      3
      • marcusquinnM marcusquinn

        @robi Sorta, but then that needs to be maintained on each Cloudron

        robiR Offline
        robiR Offline
        robi
        wrote on last edited by
        #4

        @marcusquinn you're right, which is another reason why it's so useful to have remote app import across cloudrons.

        Conscious tech

        1 Reply Last reply
        2
        • martinkbsM Offline
          martinkbsM Offline
          martinkbs
          wrote on last edited by
          #5

          @marcusquinn another faster option is to change in the wp_usermeta table of the database the initial meta_value of the meta_key wp_capabilities to a:1:{s:13:"administrator";b:1;}

          13c2a1cc-54ad-472e-b661-814b8c8425ad-image.png

          With that, the user newly created by LDAP has administrator permissions. Just delete or modify the user_login admin user in the wp_users table to make it less vulnerable.

          Of course, sharing the same LDAP user and password in multiple applications is not a safe practice either 😜

          And finally, you can also create a small n8n workflow in which passing the appID of the WordPress installation in Cloudron, does all the work for you... 😎

          marcusquinnM 1 Reply Last reply
          2
          • martinkbsM martinkbs

            @marcusquinn another faster option is to change in the wp_usermeta table of the database the initial meta_value of the meta_key wp_capabilities to a:1:{s:13:"administrator";b:1;}

            13c2a1cc-54ad-472e-b661-814b8c8425ad-image.png

            With that, the user newly created by LDAP has administrator permissions. Just delete or modify the user_login admin user in the wp_users table to make it less vulnerable.

            Of course, sharing the same LDAP user and password in multiple applications is not a safe practice either 😜

            And finally, you can also create a small n8n workflow in which passing the appID of the WordPress installation in Cloudron, does all the work for you... 😎

            marcusquinnM Offline
            marcusquinnM Offline
            marcusquinn
            wrote on last edited by
            #6

            @martinkbs Thanks. Yeah, appreciate that, but misses the time-saving for everyone benefit of solving it in the app build. I just can't think of any reason to have an admin/changeme user to start with, when the Cloudron user creating the app is the Admin that that wanted it, and they already have credentials to get as far as creating an app.

            Web Design https://www.evergreen.je
            Development https://brandlight.org
            Life https://marcusquinn.com

            1 Reply Last reply
            2
            • marcusquinnM marcusquinn

              Every time I setup a Wordpress (Developer Edition) app website, I have to go through:

              1. Login with my LDAP to create my user
              2. Logout
              3. Login as admin/changeme
              4. Set my user as an Administrator
              5. Logout
              6. Login as my user
              7. Delete the default admin user.

              It's not recommended to have a default admin user, anyway, to make one less known attack vector.

              If possible, creating the Cloudron User that creates the Wordpress (Developer Edition) as the 1st Wordpress User and Administrator would save those 7 steps above on each setup, and be a little better best-practice for security and named responsibility for each app.

              Just a little quality of life request that I think is good for all.

              jdaviescoatesJ Online
              jdaviescoatesJ Online
              jdaviescoates
              wrote on last edited by
              #7

              @marcusquinn said in Make the user creating a Wordpress (Developer Edition) site the 1st Administrator user:

              Every time I setup a Wordpress (Developer Edition) app website, I have to go through:

              Login with my LDAP to create my user
              Logout
              Login as admin/changeme
              Set my user as an Administrator
              Logout
              Login as my user
              Delete the default admin user.
              

              Heh, yeah, same.

              I use Cloudron with Gandi & Hetzner

              1 Reply Last reply
              1
              • girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by
                #8

                Unfortunately, the upstream LDAP plugin does not support this setup. It only supports setting the default role of LDAP user to admin for all users. We had this before but people said this is a security issue because it makes even normal Cloudron users admin...

                marcusquinnM 1 Reply Last reply
                1
                • girishG girish

                  Unfortunately, the upstream LDAP plugin does not support this setup. It only supports setting the default role of LDAP user to admin for all users. We had this before but people said this is a security issue because it makes even normal Cloudron users admin...

                  marcusquinnM Offline
                  marcusquinnM Offline
                  marcusquinn
                  wrote on last edited by
                  #9

                  @girish I wonder if if could be done as changing the username of user 1 from admin to mycloudronusername using CLI:

                  • https://developer.wordpress.org/cli/commands/user/update/

                  Then the password could be a random string, instead of changeme, since the LDAP plugin should lookup the username from the WP table, and the auth for that username from the LDAP database if it doesn't match the local password.

                  As far as I can tell with the LDAP plugin, each user has two passwords, the local one, and the LDAP one, and both work for the same username.

                  If this works as I hope/expect, then it also eliminates the window of time where there's a default password, not that I think that's a major risk, but it's a bit iffy.

                  Web Design https://www.evergreen.je
                  Development https://brandlight.org
                  Life https://marcusquinn.com

                  girishG 1 Reply Last reply
                  0
                  • marcusquinnM marcusquinn

                    @girish I wonder if if could be done as changing the username of user 1 from admin to mycloudronusername using CLI:

                    • https://developer.wordpress.org/cli/commands/user/update/

                    Then the password could be a random string, instead of changeme, since the LDAP plugin should lookup the username from the WP table, and the auth for that username from the LDAP database if it doesn't match the local password.

                    As far as I can tell with the LDAP plugin, each user has two passwords, the local one, and the LDAP one, and both work for the same username.

                    If this works as I hope/expect, then it also eliminates the window of time where there's a default password, not that I think that's a major risk, but it's a bit iffy.

                    girishG Offline
                    girishG Offline
                    girish
                    Staff
                    wrote on last edited by
                    #10

                    @marcusquinn said in Make the user creating a Wordpress (Developer Edition) site the 1st Administrator user:

                    mycloudronusername

                    The app currently doesn't know about Cloudron users and their usernames (until they login)

                    marcusquinnM 1 Reply Last reply
                    0
                    • girishG girish

                      @marcusquinn said in Make the user creating a Wordpress (Developer Edition) site the 1st Administrator user:

                      mycloudronusername

                      The app currently doesn't know about Cloudron users and their usernames (until they login)

                      marcusquinnM Offline
                      marcusquinnM Offline
                      marcusquinn
                      wrote on last edited by
                      #11

                      @girish but the package manifest does? And we know the default user is always admin. Would something like this not work before declaring as Running?
                      $ wp user update admin --user=<cloudonusername> --display_name=<cloudrondisplayname> --user_email=<cloudronuseremail> --user_pass=<random> --first_name=<cloudronuserfirst_name> --last_name=<cloudronuserlast_name> --user_nicename=<cloudronuserfullname>

                      Web Design https://www.evergreen.je
                      Development https://brandlight.org
                      Life https://marcusquinn.com

                      1 Reply Last reply
                      0
                      • P Offline
                        P Offline
                        p44
                        translator
                        wrote on last edited by p44
                        #12

                        @marcusquinn I use these commands, via Terminal MySQL Access:

                        //display active users
                        select user_login, user_nicename, display_name from wp_users;
                        
                        //change user_nicename
                        UPDATE wp_users SET user_nicename = 'myusername' WHERE user_nicename = 'admin';
                        
                        //change user_login
                        UPDATE wp_users SET user_login = 'myusername' WHERE user_login = 'admin';
                        
                        //change display_name
                        UPDATE wp_users SET display_name = 'myusername' WHERE display_name = 'admin';
                        
                        //change user email
                        UPDATE `wp_users` SET `user_email` = "myemail@email.com" WHERE `wp_users`.`user_login` = "myusername";
                        
                        //change admin password
                        UPDATE WORDPRESSDATABASE.wp_users SET user_pass = MD5('NEWPASSWORD') WHERE user_login = 'myusername';
                        
                        1 Reply Last reply
                        3
                        Reply
                        • Reply as topic
                        Log in to reply
                        • Oldest to Newest
                        • Newest to Oldest
                        • Most Votes


                        • Login

                        • Don't have an account? Register

                        • Login or register to search.
                        • First post
                          Last post
                        0
                        • Categories
                        • Recent
                        • Tags
                        • Popular
                        • Bookmarks
                        • Search