"admin" Is Not a Secure Drupal Username

This article was published in the print magazine Drupal Watchdog, Volume 2 Issue 2, on page 8, by Tag1 Publishing. The magazine was distributed at DrupalCon Munich.

If an attacker obtains a valid username or password used on your Drupal-based website, then he is that much closer to breaking in and potentially wreaking havoc. Thus, it is bad security practice ever to use an obvious username, and the most obvious one of all is "admin". Even worse, it is the name most commonly chosen for administrator accounts, and even for the superuser (user/1). "admin" is fine as the name of a role, but not as the name of a user.
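One way to audit an existing site for the problem described above, as an added example that is not from the original article: it lists active accounts with guessable names and rates them "high" when the account is user/1 or holds a privileged role. The Drupal 7 table layout (users, users_roles, role, no prefix), the name list, the role names and the function names are assumptions, and the sample rows are constructed.

```python
import sqlite3

# Assumed starting list of guessable names; add site-specific ones (site or company name).
OBVIOUS_NAMES = {"admin", "administrator", "root", "webmaster", "drupal", "test"}

# Assumes the Drupal 7 core tables users, users_roles and role, with no table prefix.
AUDIT_SQL = """
SELECT u.uid, u.name, GROUP_CONCAT(r.name) AS roles
FROM users u
LEFT JOIN users_roles ur ON ur.uid = u.uid
LEFT JOIN role r ON r.rid = ur.rid
WHERE u.uid > 0 AND u.status = 1      -- skip the anonymous row and blocked accounts
GROUP BY u.uid, u.name
ORDER BY u.uid
"""

def audit_usernames(conn, privileged_roles=("administrator", "admin")):
    """Return (uid, name, severity) for each active account with an obvious name."""
    findings = []
    for uid, name, roles in conn.execute(AUDIT_SQL):
        held = set(roles.split(",")) if roles else set()
        # user/1 bypasses permission checks, so it is privileged whatever roles it holds.
        privileged = uid == 1 or bool(held & set(privileged_roles))
        if name.lower() in OBVIOUS_NAMES:
            findings.append((uid, name, "high" if privileged else "low"))
    return findings

def build_sample_db():
    """Constructed sample data, not taken from any real site."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, status INTEGER);
        CREATE TABLE role (rid INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users_roles (uid INTEGER, rid INTEGER);
        INSERT INTO role VALUES (3, 'administrator'), (4, 'admin'), (5, 'editor');
        INSERT INTO users VALUES (0, '', 0), (1, 'admin', 1), (2, 'jsmith', 1),
            (3, 'Administrator', 1), (4, 'test', 1), (5, 'root', 0);
        INSERT INTO users_roles VALUES (2, 4), (3, 3), (4, 5);
    """)
    return conn

if __name__ == "__main__":
    for uid, name, severity in audit_usernames(build_sample_db()):
        print(f"user/{uid} name={name!r} severity={severity}")
```

In the sample data, "jsmith" holds a role named "admin" and is not reported, while the blocked "root" account is skipped because only active accounts can log in.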

Figure 1. Creating a user
Copyright © 2012 Michael J. Ross. All rights reserved.