Description

By default WordPress creates an administrator user account named admin. Using the default Admin WordPress Account, hackers can easily launch a brute force attack against it. In order to help deter this type of attack, you should change your default WordPress administrator username to something more difficult to guess.

Remediation

Change the default WordPress administrator username to something more difficult to guess. Consult web references for more information.

References

OWASP Wordpress Security Implementation Guideline

Your WordPress Installation Is Using the Default Admin Account

Change WordPress admin username for security

Related Vulnerabilities

Ruby on Rails weak/known secret token

Content Security Policy (CSP) Not Implemented

WebDAV Directory Has Write Permissions

ASP.NET application-level tracing enabled

Multiple vulnerabilities fixed in PHP versions 5.5.12 and 5.4.28

Severity

Low

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Default Credentials Bruteforce Possible