Seems like a straightforward and simple added security measure to not make user 1 always have the same username, especially a username that other CMS systems share as a default.

Even just prepending/appending "admin" with something specific to each installation, like a "machine name" version of the site name or something during site installation would automatically foil the majority of cursory hacking attempts by bots.

Comments

rbayliss’s picture

Installing Drupal (at least on Drupal 8) through the interactive installer leads to a screen where you setup the "Site Maintenance Account." You have to choose a username for User 1, and it's not pre-filled to admin. So are you suggesting disallowing 'admin' as a choice for the user 1 username?

thedavidmeister’s picture

I for one almost exclusively use Aegir for development and almost never see the interactive installer.

I'm suggesting that when I don't use the interactive installer I don't end up with "admin".

josevitalsouto’s picture

I think this only occurs in Aegir, is set "admin" by default.

thedavidmeister’s picture

is that right? well I'll follow up over there then. Mind if I leave this ticket open until i can confirm/deny that?

yesct’s picture

Status: Active » Closed (cannot reproduce)

drush si is admin user by default, but I think that is a drush thing.
using the interactive install, there is no default username.