'.__('By default, WordPress sets the administrator username to "admin" at installation time.', 'all-in-one-wp-security-and-firewall').'
'.__('A lot of hackers try to take advantage of this information by attempting "Brute Force Login Attacks" where they repeatedly try to guess the password by using "admin" for username.', 'all-in-one-wp-security-and-firewall').'
'.__('From a security perspective, changing the default "admin" user name is one of the first and smartest things you should do on your site.', 'all-in-one-wp-security-and-firewall').'
'.__('This feature will allow you to change your default "admin" user name to a more secure name of your choosing.', 'all-in-one-wp-security-and-firewall').'
';
?>
output_feature_details_badge("user-accounts-change-admin-user");
if (AIOWPSecurity_Utility::check_user_exists('admin') || AIOWPSecurity_Utility::check_user_exists('Admin'))
{
echo '
'.__('Your site currently has an account which uses the default "admin" username.
It is highly recommended that you change this name to something else.
Use the following field to change the admin username.', 'all-in-one-wp-security-and-firewall').'
';
?>
';
_e ('No action required! ', 'all-in-one-wp-security-and-firewall');
echo ' ';
_e ('Your site does not have any account which uses the default "admin" username. ', 'all-in-one-wp-security-and-firewall');
_e ('This is good security practice.', 'all-in-one-wp-security-and-firewall');
echo '
';
}
?>
'.__('When you submit a post or answer a comment, WordPress will usually display your "nickname".', 'all-in-one-wp-security-and-firewall').'
'.__('By default the nickname is set to the login (or user) name of your account.', 'all-in-one-wp-security-and-firewall').'
'.__('From a security perspective, leaving your nickname the same as your user name is bad practice because it gives a hacker at least half of your account\'s login credentials.', 'all-in-one-wp-security-and-firewall').'
'.__('Therefore to further tighten your site\'s security you are advised to change your nickname and Display name to be different from your Username.', 'all-in-one-wp-security-and-firewall').'
';
?>
output_feature_details_badge("user-accounts-display-name");
//now let's find any accounts which have login name same as display name
$login_nick_name_accounts = AIOWPSecurity_Utility::check_identical_login_and_nick_names();
if ($login_nick_name_accounts) {
echo '
'.__('Your site currently has the following accounts which have an identical login name and display name.', 'all-in-one-wp-security-and-firewall').'
('.__('Click on the link to edit the settings of that particular user account', 'all-in-one-wp-security-and-firewall').'
'.__('No action required.', 'all-in-one-wp-security-and-firewall').' '.__('Your site does not have a user account where the display name is identical to the username.', 'all-in-one-wp-security-and-firewall').'
';
}
?>
'.__('Poor password selection is one of the most common weak points of many sites and is usually the first thing a hacker will try to exploit when attempting to break into your site.', 'all-in-one-wp-security-and-firewall').''.
'
'.__('Many people fall into the trap of using a simple word or series of numbers as their password. Such a predictable and simple password would take a competent hacker merely minutes to guess your password by using a simple script which cycles through the easy and most common combinations.', 'all-in-one-wp-security-and-firewall').'
'.
'
'.__('The longer and more complex your password is the harder it is for hackers to "crack" because more complex passwords require much greater computing power and time.', 'all-in-one-wp-security-and-firewall').'
'.
'
'.__('This section contains a useful password strength tool which you can use to check whether your password is sufficiently strong enough.', 'all-in-one-wp-security-and-firewall').'
';
?>
This password tool uses an algorithm which estimates how long it would take to crack your password using the computing power of an off-the-shelf, current-model desktop PC with a high-end processor, graphics card and appropriate password-cracking software.
debug_logger->log_debug("Nonce check failed on admin username change operation!",4);
die(__('Nonce check failed on admin username change operation!','all-in-one-wp-security-and-firewall'));
}
if (!empty($_POST['aiowps_new_user_name'])) {
$new_username = sanitize_text_field($_POST['aiowps_new_user_name']);
if (validate_username($new_username))
{
if (AIOWPSecurity_Utility::check_user_exists($new_username)){
$errors .= __('Username ', 'all-in-one-wp-security-and-firewall').$new_username.__(' already exists. Please enter another value. ', 'all-in-one-wp-security-and-firewall');
}
else
{
//let's check if currently logged in username is 'admin'
$user = wp_get_current_user();
$user_login = $user->user_login;
if (strtolower($user_login) == 'admin'){
$username_is_admin = TRUE;
} else {
$username_is_admin = FALSE;
}
//Now let's change the username
$sql = $wpdb->prepare( "UPDATE `" . $wpdb->users . "` SET user_login = '" . esc_sql($new_username) . "' WHERE user_login=%s", "admin" );
$result = $wpdb->query($sql);
if (!$result) {
//There was an error updating the users table
$user_update_error = __('The database update operation of the user account failed!', 'all-in-one-wp-security-and-firewall');
//TODO## - add error logging here
$return_msg = '
'.$user_update_error.'
';
return $return_msg;
}
//multisite considerations
if ( AIOWPSecurity_Utility::is_multisite_install() ) { //process sitemeta if we're in a multi-site situation
$oldAdmins = $wpdb->get_var( "SELECT meta_value FROM `" . $wpdb->sitemeta . "` WHERE meta_key = 'site_admins'" );
$newAdmins = str_replace( '5:"admin"', strlen( $new_username ) . ':"' . esc_sql( $new_username ) . '"', $oldAdmins );
$wpdb->query( "UPDATE `" . $wpdb->sitemeta . "` SET meta_value = '" . esc_sql( $newAdmins ) . "' WHERE meta_key = 'site_admins'" );
}
//If user is logged in with username "admin" then log user out and send to login page so they can login again
if ($username_is_admin) {
//Lets logout the user
$aio_wp_security->debug_logger->log_debug("Logging User Out with login ".$user_login. " because they changed their username.");
$after_logout_url = AIOWPSecurity_Utility::get_current_page_url();
$after_logout_payload = array('redirect_to'=>$after_logout_url, 'msg'=>$aio_wp_security->user_login_obj->key_login_msg.'=admin_user_changed', );
//Save some of the logout redirect data to a transient
AIOWPSecurity_Utility::is_multisite_install() ? set_site_transient('aiowps_logout_payload', $after_logout_payload, 30 * 60) : set_transient('aiowps_logout_payload', $after_logout_payload, 30 * 60);
$logout_url = AIOWPSEC_WP_URL.'?aiowpsec_do_log_out=1';
$logout_url = AIOWPSecurity_Utility::add_query_data_to_url($logout_url, 'al_additional_data', '1');
AIOWPSecurity_Utility::redirect_to_url($logout_url);
}
}
}
else {//An invalid username was entered
$errors .= __('You entered an invalid username. Please enter another value. ', 'all-in-one-wp-security-and-firewall');
}
}
else {//No username value was entered
$errors .= __('Please enter a value for your username. ', 'all-in-one-wp-security-and-firewall');
}
if (strlen($errors)> 0){//We have some validation or other error
$return_msg = '
';
}
return $return_msg;
}
/*
 * Retrieves all user accounts which have the 'administrator' role and returns HTML code listing the results in a table.
 */
function get_all_admin_accounts($blog_id='') {
//TODO: Have included the "blog_id" variable for future use for cases where people want to search particular blog (eg, multi-site)
if ($blog_id) {
$admin_users = get_users('blog_id='.$blog_id.'&orderby=login&role=administrator');
} else {
$admin_users = get_users('orderby=login&role=administrator');
}
//now let's put the results in an HTML table
$account_output = "";
if ($admin_users != NULL) {
$account_output .= '