Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Discuss
  3. Suggestion: Alternative Username other than 'Admin' for Wordpress

Suggestion: Alternative Username other than 'Admin' for Wordpress

Scheduled Pinned Locked Moved Discuss
9 Posts 4 Posters 2.2k Views 5 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      J Offline
      jagan
      wrote on last edited by
      #1

      Hi,
      A Feature suggestion please:

      I installed wordpress on cloudron and found the first user to be 'admin' (users handled by app) - I manually added another administrator user and deleted the first one.

      May I suggest that the first administrator username be something different since bruteforce attacks try 'admin' first before anything else.

      This could be a good practice. Just my 2 cents.

      Thanks!

      ? 1 Reply Last reply
      2
      • J jagan

        Hi,
        A Feature suggestion please:

        I installed wordpress on cloudron and found the first user to be 'admin' (users handled by app) - I manually added another administrator user and deleted the first one.

        May I suggest that the first administrator username be something different since bruteforce attacks try 'admin' first before anything else.

        This could be a good practice. Just my 2 cents.

        Thanks!

        ? Offline
        ? Offline
        A Former User
        wrote on last edited by
        #2

        @jagan I second this, as a cyber security consultant, you wouldnt believe how many sites are hacked due to the name being admin, or something in the url. Perhaps cloudron-admin, or even better, have the admin name set post install with instructions on a good way to choose a strong name.

        1 Reply Last reply
        1
        • girishG Do not disturb
          girishG Do not disturb
          girish
          Staff
          wrote on last edited by
          #3

          Thanks @deepeyes and @jagan . Currently, it is admin because that username is specifically reserved by the Cloudron (i.e you cannot have a Cloudron username called admin).

          I can think of two things that we can easily fix immediately:

          1. Add a note that this user can be deleted in the post installation dialog
          2. We are already looking to auto-generating passwords for each installation (instead of having a standard default). This prevents cases where the user forgets to change the default password.
          ? 1 Reply Last reply
          2
          • girishG girish

            Thanks @deepeyes and @jagan . Currently, it is admin because that username is specifically reserved by the Cloudron (i.e you cannot have a Cloudron username called admin).

            I can think of two things that we can easily fix immediately:

            1. Add a note that this user can be deleted in the post installation dialog
            2. We are already looking to auto-generating passwords for each installation (instead of having a standard default). This prevents cases where the user forgets to change the default password.
            ? Offline
            ? Offline
            A Former User
            wrote on last edited by
            #4

            @girish Even the "changeme" note might be good enough.

            1 Reply Last reply
            1
            • J Offline
              J Offline
              jagan
              wrote on last edited by
              #5

              Bump up for this feature request @girish
              Can we use the email as the admin user please?
              Thank you

              1 Reply Last reply
              0
              • girishG Do not disturb
                girishG Do not disturb
                girish
                Staff
                wrote on last edited by
                #6

                Can we use the email as the admin user please?

                @jagan what do you mean by this? Just delete admin user and create another however you want, no?

                1 Reply Last reply
                0
                • J Offline
                  J Offline
                  jagan
                  wrote on last edited by jagan
                  #7

                  Yes, that is what I presume 99% of all our users do, but isn't this an extra step that can be avoided by having something else as the default admin user instead of 'admin'?

                  I mean, if cloudron wizardly can help with a simple workabout as a best practice, it would be great.
                  We can use the email - domain.app@cloudron as the username if that is possible without much work.

                  Sure, this is not a 'must have' thing, just a desirable one.

                  Thank you!

                  Edit: I am seeing an increase in brute force attacks trying to use 'admin' as username across many sites. That is what prompted me to revisit this feature request.

                  girishG 1 Reply Last reply
                  1
                  • J jagan

                    Yes, that is what I presume 99% of all our users do, but isn't this an extra step that can be avoided by having something else as the default admin user instead of 'admin'?

                    I mean, if cloudron wizardly can help with a simple workabout as a best practice, it would be great.
                    We can use the email - domain.app@cloudron as the username if that is possible without much work.

                    Sure, this is not a 'must have' thing, just a desirable one.

                    Thank you!

                    Edit: I am seeing an increase in brute force attacks trying to use 'admin' as username across many sites. That is what prompted me to revisit this feature request.

                    girishG Do not disturb
                    girishG Do not disturb
                    girish
                    Staff
                    wrote on last edited by
                    #8

                    @jagan I think WP requires some username. It's not possible to create a user with just email address. We can change 'admin' to something else, but the script kiddies will just add that username as another option.

                    8e5a26fb-accb-4439-b063-7967a2fdec38-image.png

                    1 Reply Last reply
                    0
                    • J Offline
                      J Offline
                      jagan
                      wrote on last edited by jagan
                      #9

                      Yes, a username is mandatory requirement. My idea did not get through, let me try again please.
                      On some platforms, the email and the username are automatically set to be the same.
                      This is not ideal, although the email would be unique.

                      However for cloudron, please consider this:
                      On Cloudron, the system already generates a 'From Email' on its own.
                      I wish to propose that this email or the first part of it (before @) be used as the username.

                      Mail FROM Address
                      7ef27f4c-4c24-4544-a669-4b95371552ca-image.png

                      Anything but 'admin' would be great.

                      1 Reply Last reply
                      0
                      Reply
                      • Reply as topic
                      Log in to reply
                      • Oldest to Newest
                      • Newest to Oldest
                      • Most Votes


                        • Login

                        • Don't have an account? Register

                        • Login or register to search.
                        • First post
                          Last post
                        0
                        • Categories
                        • Recent
                        • Tags
                        • Popular
                        • Bookmarks
                        • Search