Okay, I'm just curious: for forum owners, do you think their name should be admin or owner or something like that? Or just a nickname of whatever they want? I looked it up and couldn't really find much. I found one thing where a guy said he had 2 users, one named admin to give bans, lock topics, etc., administrative stuff, and he had another one with just a regular name to just like post in topics and be active in his forum, but they were both admins... Here's the link: http://www.forumdr.com/should-you-post-messages-as-admin/9/ This is purely opinionated, unless you have factual reasoning... Then it's not.
Leaving the admin user as an admin is a fairly bad security risk as everybody knows it exists. We normally suggest to our users that they elevate a silly looking user account (i.e. Margret Smith) to the admin level, drop the admin down to a normal user or even one without any status, and don't tell anyone. WordPress users are going to chant the "Hiding isn't security" but I've yet to have a forum hacked while using that method while most of them monitor tens if not hundreds of attempts against the admin account every day. And some of them have been able to get in only to discover that they can't do anything.
Well, even if the name is just a nickname, it would say admin like under it or somewhere and people would still know it's admin. I'm not exactly sure what you're saying here... What do you mean when you say drop admin down to normal lvl?
Maintaining an admin name can actually be the target of SQL injection. Name it after your forum; say, in the digitalpoint there's a user named digitalpoint. But the guy's suggestion with two accounts is also good.
Yeah... but maintaining 2 accounts is a hassle... and I'm lazy... and somebody told me as long as I keep the forum up to date, it probably won't get hacked.
Because hackers are going to try to guess that account's passwords. They assume that the admin account is going to have "root" access to the site so that's the one they go after. If you drop the admin account down to a lower level of access, if hackers get in, they can't do anything.
That's not intelligent security. A better level of security would be to simply change the admin directory name and htaccess password the login. You don't need 2 accounts. Besides that, hackers use SQL injection, which would easily circumvent your attempts to hide the username of an admin. One SQL query and they get it. Security has to make sense.
htpasswd and changing the admin directories are your best bet for security. As for the admin's name it really makes no difference, I tend to change it to my personal username.
I would suggest that you should not rely on a name change for any security at all. What I would suggest is to ban usernames like admin, etc., so that no users can try to trick anyone.
If I had a nickel for every time someone said that & then got hacked... Maintaining two accounts is not all that much of an issue. Keep your userID=1 as your own name and post with it... just make it so that it's not an admin. When you need in the ACP, log into your other account. It's not that much of a hassle... and is really easy when you use one account with IE and the other with FF... that way ya can log in both at the same time.
You must be a WordPress user. See above. Please review the thread. We're discussing the use of the admin account, not general security.
I have used WordPress, but most well written modular software allows for admincp directory to be renamed as anything. And I did review the thread. The OP is asking about the logic of 2 accounts both with admin access. You're the first guy to say it's for security and my reply is a direct rebuttal. Don't be upset because I am more intelligent and experienced than you. If you think having multiple accounts with different permission levels is security then you just haven't caught on to reality.
This is just plain silly and worthless. You can't hide the admin account; hackers are going to figure out which account has administrative access, whether it be by searching for members with the highest post counts or seeing who posts announcements and such within the community. It doesn't take a genius to figure out. I've never understood having multiple admin accounts. It's really unnecessary and unhelpful. First of all, hackers do much more than "guessing account passwords". If that's all it took, then anybody can be a hacker. Secondly, if a weak password is the issue, then here's a genius idea: Use an obscure password such as "faka@emeTr=2u8ed". Don't you think that might be a better idea than creating a second account "just in case" yours gets hacked?