I had a user register with the name ‘Admin’

  • Resolved BubbaLovesWP

    (@bubbalovestv)


    2 years, 9 months ago

      – I deleted the original user named ‘admin’ when I created my site
      – I activated the setting that said – ‘Prevent users registering ‘admin’ username if it doesn’t exist’ in Wordfence.
      – 2 weeks later I got an email from Wordfence saying – ‘High Severity Problems: * An admin user with the username Admin was created outside of WordPress.’
      – I checked, and indeed someone registered with the username ‘Admin’ and posted a lot of spam.

    So 2 things…. First, the user was a subscriber, not an admin like the email reported. Second, he/she did use the ‘Admin’ with a capital ‘A’. So I’m not sure if that makes a difference.

    Anyway, there ya go.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @bubbalovestv, thanks for your message.

    ‘admin’ as the default choice for WordPress is specifically blocked when removed by the site administrator but is case sensitive to match that name exactly. I will mention this case for further internal discussion due to the difference in name to their actual permissions level, but for now you can input ‘Admin’ or any variation thereof to Wordfence > All Options > Brute Force Protection > Immediately block the IP of users who try to sign in as these usernames if you wish.

    Thanks,

    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘I had a user register with the name ‘Admin’’ is closed to new replies.