admin Is Not a Secure Drupal Username

By

This article was published in the print magazine Drupal Watchdog, Volume 2 Issue 2, 2012-08, on page 8, by Tag1 Publishing. The magazine was distributed at DrupalCon Munich, 2012-08-20.

If an attacker obtains a valid username or password used on your Drupal-based website, he is that much closer to breaking in and potentially wreaking havoc. Thus, it is bad security practice ever to use an obvious username, and the most obvious one of all is "admin". Even worse, it is the name most commonly chosen for administrator accounts, and even for the superuser (user/1). "admin" is fine as the name of a role, but not as the name of a user.
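An added example, not part of the original article: a Python audit that reports active accounts which are either the superuser (user/1) or hold the administrator role and also carry an obvious username. The simplified tables are modelled on Drupal 7's users, role and users_roles; the name shortlist, the sample rows and the "administrator" role name are assumptions.

```python
import sqlite3

# Constructed shortlist of guessable names; extend it with your site or company name.
OBVIOUS_NAMES = ("admin", "administrator", "root", "webmaster", "superuser")

# Simplified tables modelled on Drupal 7's users, role and users_roles (assumption).
SCHEMA = """
CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, status INTEGER);
CREATE TABLE role (rid INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE users_roles (uid INTEGER, rid INTEGER);
"""

# uid 1 is reported even without a role row, since user/1 is the superuser.
# A role named like the shortlist is never reported; only user names are checked.
AUDIT_SQL = """
SELECT DISTINCT u.uid, u.name,
       CASE WHEN u.uid = 1 THEN 'superuser (user/1)' ELSE r.name END AS why
FROM users u
LEFT JOIN users_roles ur ON ur.uid = u.uid
LEFT JOIN role r ON r.rid = ur.rid AND r.name = ?
WHERE u.status = 1                      -- skip blocked accounts
  AND (u.uid = 1 OR r.rid IS NOT NULL)  -- privileged accounts only
  AND lower(u.name) IN ({marks})        -- case-insensitive name match
ORDER BY u.uid
"""

def audit(conn, admin_role="administrator"):
    """Return (uid, name, reason) for privileged accounts with obvious names."""
    marks = ",".join("?" * len(OBVIOUS_NAMES))
    params = (admin_role, *OBVIOUS_NAMES)
    return conn.execute(AUDIT_SQL.format(marks=marks), params).fetchall()

def sample_db():
    """Constructed sample data, not taken from any real site."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?,?,?)", [
        (1, "Admin", 1),          # superuser, obvious name, no role row
        (2, "administrator", 1),  # obvious name and administrator role
        (3, "k.okafor-ops", 1),   # administrator role, non-obvious name
        (4, "webmaster", 1),      # obvious name but only an editor
        (5, "root", 0),           # blocked account
    ])
    conn.executemany("INSERT INTO role VALUES (?,?)",
                     [(3, "administrator"), (4, "editor")])
    conn.executemany("INSERT INTO users_roles VALUES (?,?)",
                     [(2, 3), (3, 3), (4, 4), (5, 3)])
    return conn

if __name__ == "__main__":
    for uid, name, why in audit(sample_db()):
        print(f"uid {uid}: rename '{name}' ({why})")
```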

Figure 1. Creating a user

Copyright © 2012 Michael J. Ross. All rights reserved.
