Acunetix WordPress Security Plugin

Alert group:

WordPress default “admin” account exists

Acunetix WP Security Plugin test:

During this test Acunetix looks for the default admin account in the WordPress user list.

Repercussions:

With the default WordPress administrator account active, a malicious user does not have to guess the username of other accounts with administrative permissions. This puts your WordPress security at risk and makes it easier and faster to design an attack.

Fix:

If it is a new WordPress installation, you can simply create a new administrative account and delete the default admin account. On an existing WordPress installation, you can rename the existing account in the WordPress database with the following MySQL command:

update tableprefix_users set user_login='[username_of_choice]'
where user_login='admin';

Instead of using the command line, you can also use a MySQL interface such as phpMyAdmin to change the default WordPress admin account.
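
The rename above, wrapped in the checks an administrator would run before and after it. This is an added example, not part of the Acunetix plugin or the original post. It assumes the default table prefix wp_ and uses the placeholder new_login_name for the chosen username.

```sql
-- Added example. Assumptions: table prefix "wp_" and the placeholder
-- login 'new_login_name'; substitute your own prefix and chosen name.
-- Take a database backup before changing wp_users.

-- 1. Confirm the default account exists (the condition the alert reports).
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login = 'admin';

-- 2. Check that the chosen name is not already in use. The user_login
--    column is indexed but has no UNIQUE constraint, so MySQL itself
--    will not reject a duplicate login.
SET @name_taken := (SELECT COUNT(*)
                    FROM wp_users
                    WHERE user_login = 'new_login_name');
SELECT @name_taken AS name_taken;   -- must be 0 to proceed

-- 3. Rename. The @name_taken guard turns the statement into a no-op
--    if step 2 found an existing account with the chosen name.
UPDATE wp_users
SET user_login = 'new_login_name'
WHERE user_login = 'admin'
  AND @name_taken = 0;

-- 4. Verify: no 'admin' login remains ...
SELECT COUNT(*) AS default_admin_remaining
FROM wp_users
WHERE user_login = 'admin';         -- expect 0

-- ... and exactly one account carries the new login.
-- user_nicename (the author archive URL slug) and display_name are
-- shown publicly, so neither should be set to the new login name,
-- otherwise the rename no longer hides the username.
SELECT ID, user_login, user_nicename, display_name
FROM wp_users
WHERE user_login = 'new_login_name';
```

After the rename, sign in with the new username and the existing password; the statement does not touch user_pass.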

THE AUTHOR
Acunetix