Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Suggestion: Alternative Username other than 'Admin' for Wordpress

    Discuss
    4
    4
    652
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jagan last edited by

      Hi,
      A Feature suggestion please:

      I installed wordpress on cloudron and found the first user to be 'admin' (users handled by app) - I manually added another administrator user and deleted the first one.

      May I suggest that the first administrator username be something different since bruteforce attacks try 'admin' first before anything else.

      This could be a good practice. Just my 2 cents.

      Thanks!

      ? 1 Reply Last reply Reply Quote 2
      • ?
        A Former User @jagan last edited by

        @jagan I second this, as a cyber security consultant, you wouldnt believe how many sites are hacked due to the name being admin, or something in the url. Perhaps cloudron-admin, or even better, have the admin name set post install with instructions on a good way to choose a strong name.

        1 Reply Last reply Reply Quote 1
        • girish
          girish Staff last edited by

          Thanks @deepeyes and @jagan . Currently, it is admin because that username is specifically reserved by the Cloudron (i.e you cannot have a Cloudron username called admin).

          I can think of two things that we can easily fix immediately:

          1. Add a note that this user can be deleted in the post installation dialog
          2. We are already looking to auto-generating passwords for each installation (instead of having a standard default). This prevents cases where the user forgets to change the default password.
          ? 1 Reply Last reply Reply Quote 2
          • ?
            A Former User @girish last edited by

            @girish Even the "changeme" note might be good enough.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Powered by NodeBB