Suggestion: Alternative Username other than 'Admin' for WordPress



  • Hi,
    A Feature suggestion please:

    I installed WordPress on Cloudron and found the first user to be 'admin' (users handled by app) - I manually added another administrator user and deleted the first one.

    May I suggest that the first administrator username be something different, since brute-force attacks try 'admin' first before anything else.

    This could be a good practice. Just my 2 cents.

    Thanks!



  • @jagan I second this, as a cyber security consultant, you wouldn't believe how many sites are hacked due to the name being admin, or something in the URL. Perhaps cloudron-admin, or even better, have the admin name set post install with instructions on a good way to choose a strong name.



  • Thanks @deepeyes and @jagan. Currently, it is admin because that username is specifically reserved by Cloudron (i.e., you cannot have a Cloudron username called admin).

    I can think of two things that we can easily fix immediately:

    1. Add a note that this user can be deleted in the post installation dialog
    2. We are already looking into auto-generating passwords for each installation (instead of having a standard default). This prevents cases where the user forgets to change the default password.


  • @girish Even the "changeme" note might be good enough.