Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Suggestion: Alternative Username other than 'Admin' for Wordpress


  • Hi,
    A Feature suggestion please:

    I installed wordpress on cloudron and found the first user to be 'admin' (users handled by app) - I manually added another administrator user and deleted the first one.

    May I suggest that the first administrator username be something different since bruteforce attacks try 'admin' first before anything else.

    This could be a good practice. Just my 2 cents.

    Thanks!


  • @jagan I second this, as a cyber security consultant, you wouldnt believe how many sites are hacked due to the name being admin, or something in the url. Perhaps cloudron-admin, or even better, have the admin name set post install with instructions on a good way to choose a strong name.

  • Staff

    Thanks @deepeyes and @jagan . Currently, it is admin because that username is specifically reserved by the Cloudron (i.e you cannot have a Cloudron username called admin).

    I can think of two things that we can easily fix immediately:

    1. Add a note that this user can be deleted in the post installation dialog
    2. We are already looking to auto-generating passwords for each installation (instead of having a standard default). This prevents cases where the user forgets to change the default password.

  • @girish Even the "changeme" note might be good enough.