A Feature suggestion please:
I installed wordpress on cloudron and found the first user to be 'admin' (users handled by app) - I manually added another administrator user and deleted the first one.
May I suggest that the first administrator username be something different since bruteforce attacks try 'admin' first before anything else.
This could be a good practice. Just my 2 cents.
@jagan I second this, as a cyber security consultant, you wouldnt believe how many sites are hacked due to the name being admin, or something in the url. Perhaps cloudron-admin, or even better, have the admin name set post install with instructions on a good way to choose a strong name.
Thanks @deepeyes and @jagan . Currently, it is
adminbecause that username is specifically reserved by the Cloudron (i.e you cannot have a Cloudron username called
I can think of two things that we can easily fix immediately:
- Add a note that this user can be deleted in the post installation dialog
- We are already looking to auto-generating passwords for each installation (instead of having a standard default). This prevents cases where the user forgets to change the default password.