WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress default administrator account

Description

By default WordPress creates an administrator user account named admin. Using the default Admin WordPress Account, hackers can easily launch a brute force attack against it. In order to help deter this type of attack, you should change your default WordPress administrator username to something more difficult to guess.

Remediation

Change the default WordPress administrator username to something more difficult to guess. Consult web references for more information.

References

OWASP Wordpress Security Implementation Guideline

Your WordPress Installation Is Using the Default Admin Account

Change WordPress admin username for security

Related Vulnerabilities

TLS/SSL Sweet32 attack

WordPress admin accessible without HTTP authentication

.htaccess File Detected

GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability

ASP.NET expired session IDs are not regenerated

Severity

Low

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Default Credentials Bruteforce Possible