It's so easy to work on Drupal as user 1, but bad practice as you might miss any permissions problems that could occur for other users.
To make matters worse, the user 1 account often has the default username of admin, making the task of brute-forcing access twice as easy for any malicious attackers.
This module solves both problems by setting both the username and password for user 1 to random strings each time cron runs. Even if an attacker could somehow guess the username, the password is saved as unencrypted string, so Drupals password check functions will always fail.
If you find yourself needing to login as user 1 anyway for some reason, you can generate a magic login url using drush uli.
Note
Do not use this module on your site if you cannot use drush.
Project information
Maintenance fixes only
Considered feature-complete by its maintainers.- Project categories: Administration tools, Security
147 sites report using this module- Created by cafuego on , updated
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
