Opened 15 years ago
Closed 14 years ago
#1820 closed defect (bug) (no action required)
Add ability to remove/replace/rename default "admin" account
Reported by: | doug.daulton | Owned by: | |
---|---|---|---|
Milestone: | 1.5 | Priority: | major |
Severity: | Version: | ||
Component: | Core | Keywords: | security, hackers reporter-feedback |
Cc: |
Description
Wondering why we cannot delete "admin" account and replace with an account with a non-standard name (i.e. userfred). There was a security issue in standard WP a while back that saw hackers attacking installs with "admin" as the default account. This prompted removal of default "admin" account on many WP installs.
I tried to hack this in the DB but it looks like BP some how requires "admin" as the username because, while I can login with the renamed account, I do not see the plugins dropdown or other Admin fucntions from the dashboard.
I deleted all cookies to be sure that was not the issue. The non-admin dashboard still appears.
Change History (13)
#2
in reply to:
↑ 1
;
follow-up:
↓ 3
@
15 years ago
Replying to r-a-y:
There's a WP plugin to rename usernames:
http://wordpress.org/extend/plugins/wpvn-username-changer/
I tried it out some time ago on a BP 1.0 install and it worked, haven't tried it since though.
I can change it in the DB. But, I think there is something in the BP code which is restricting it to admin.
#3
in reply to:
↑ 2
@
15 years ago
Replying to doug.daulton:
I can change it in the DB. But, I think there is something in the BP code which is restricting it to admin.
Are you using WP or WPMU? If WPMU, did you make sure to set your other username as a site-admin in the WPMU options?
#5
@
15 years ago
- Resolution set to invalid
- Status changed from new to closed
Nothing in BP stopping this, this would be something that needs to be done in WP.
#6
@
15 years ago
- Component set to Core
- Resolution invalid deleted
- Status changed from closed to reopened
I deleted my "admin" username account some time ago and my administrator-level account username is "piphut". However buddypress created my profile page as having "admin" in the URL, displays "@admin" on my profile page and now users are unable to send private messages to me because the system tries to send the message to "admin" when my username is actually "piphut".
Before the 1.2.4 upgrade I lived with it because the PMs still worked but now that is broken too.
#7
follow-up:
↓ 10
@
15 years ago
piphut, the above should only work if there is a user account with user_login=admin in the wp_users db. Can you confirm this please if the record is still in your DB?
#9
@
15 years ago
I can't send messages to users and my username is not "admin" (it is "wrede"). I am privileged as a site administrator though.
After submitting the message I get a Forbidden-Error page that points to the URL “/members/wrede/messages/compose” (with two slashes at the end).
#10
in reply to:
↑ 7
@
15 years ago
Replying to DJPaul:
piphut, the above should only work if there is a user account with user_login=admin in the wp_users db. Can you confirm this please if the record is still in your DB?
DJPaul, SELECT * FROM wp_users
WHERE user_login="admin" returned zero rows. It does not exist.
There's a WP plugin to rename usernames:
http://wordpress.org/extend/plugins/wpvn-username-changer/
I tried it out some time ago on a BP 1.0 install and it worked, haven't tried it since though.