"Admin" username automatic?

  • RM Blackpoint

    (@rm-blackpoint)


    10 years, 8 months ago

    Hi,

    I have a WordPress site on which I’m the only user. I use a different name rather than “admin” for my account (and in fact have my Wordfence security settings set to block any IP that tries to sign in as “admin”). Yet periodically I’ll try to log in with my correct account name and password, and it won’t let me; when I get a password reset link sent, it tells me that this is the password for “admin”, and when I successfully log in and look at the users, “admin” is the only user (with the other name identified as a display name, rather than the account name).

    So – does the first or sole account default to being called “admin”? If so, how can I get it to not do that? If not, what’s going on here?

Viewing 10 replies - 1 through 10 (of 10 total)
  • Matthew

    (@kidsguide)

    10 years, 8 months ago

    So – does the first or sole account default to being called “admin”?

    No. The is no default username. When you (or whoever) was setting up your website they must have decided to use the admin username. You can try to create a new user and then delete the admin username user.

    Thread Starter RM Blackpoint

    (@rm-blackpoint)

    10 years, 8 months ago

    I’ve actually done exactly that in the past, and then when I try to log in a few days later, “admin” is the only existing account. The reason I don’t use “admin” and block anyone trying to use it if it doesn’t exist is because my site has been hacked before, so this is troubling me…

    Matthew

    (@kidsguide)

    10 years, 8 months ago

    You may want to implement some (if not all) of the recommended security measures. If you make sure that all your other security is ok then you should be good.

    Thread Starter RM Blackpoint

    (@rm-blackpoint)

    10 years, 8 months ago

    I’d already installed WordFence, which is supposed to be a very good security plugin, and also restricted the IP addresses which can access the login page. Hopefully that will help the security problem, but as I said, one of the options you can select in WordPress is to disallow the registration of an “admin” username and to block IPs that try to sign in as whatever names you choose if those users don’t exist (so I blocked “admin”). No user called “admin” existed – there was my account with admin privileges and a different name. I successfully logged in with my account a few days ago. Today I once again find that my account is gone and has been replaced by “admin”, still on my e-mail address.

    (Can’t look at the codex now – 504 – but will check later.)

    Matthew

    (@kidsguide)

    10 years, 8 months ago

    I don’t know what could be causing this issue. You could try resetting your .htaccess to see if there are any rules causing you not to be able to do this.

    Thread Starter RM Blackpoint

    (@rm-blackpoint)

    10 years, 8 months ago

    What do you mean by re-setting? And if I do this, will I have to re-add my other security rules? (eg. the one preventing any IP but my own from accessing wp-login.php)

    Thread Starter RM Blackpoint

    (@rm-blackpoint)

    10 years, 8 months ago

    And now it’s been another few days and the password the system gave me last time I asked to reset doesn’t work. Is it possible that there’s some setting that’s making it change every few days, leaving it with an “admin” account that’s on my email address but a different password?

    The password reset email still comes to me, so it’s not like someone else is getting that email. I’m very puzzled.

    Matthew

    (@kidsguide)

    10 years, 8 months ago

    You could try deactivating the WordFence security plugin for a few days to see if that is causing the problem.

    Thread Starter RM Blackpoint

    (@rm-blackpoint)

    10 years, 8 months ago

    Do you think I should be worried about security during this time? Is there something else I should do while it is inactive?

    And you mentioned .htaccess – what in .htaccess might be causing this? What should I look for?

    Matthew

    (@kidsguide)

    10 years, 8 months ago

    And you mentioned .htaccess – what in .htaccess might be causing this? What should I look for?

    I don’t think .htaccess is a problem anymore.

    Do you think I should be worried about security during this time? Is there something else I should do while it is inactive?

    If you have a backup of your website just in case then it should not be a problem.

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘"Admin" username automatic?’ is closed to new replies.