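'WP Username', 'tab2' => 'Display Name' );

/*
 * Maps each tab key of $menu_tabs to the name of the method on this class that renders it.
 * The active tab's entry is looked up with the key returned by get_current_tab() and invoked
 * through call_user_func() in render_user_account_menu_page(), so every key present in
 * $menu_tabs needs a matching entry here.
 */
var $menu_tabs_handler = array(
    'tab1' => 'render_tab1',
    'tab2' => 'render_tab2',
);

/*
 * Constructing the object renders the whole menu page immediately (output side effect).
 */
function __construct() {
    $this->render_user_account_menu_page();
}

/*
 * Returns the key of the tab to display.
 *
 * The key is taken from the "tab" request parameter, but it is only accepted when it is a
 * string that exists as a key of $menu_tabs; a missing, array-valued or unknown value falls
 * back to the first tab. The returned key is later used as a lookup into $menu_tabs_handler,
 * so passing an unchecked request value through would hand an undefined handler to
 * call_user_func().
 */
function get_current_tab() {
    $tab_keys = array_keys($this->menu_tabs);
    $tab = $tab_keys[0];
    if (isset($_GET['tab']) && is_string($_GET['tab']) && array_key_exists($_GET['tab'], $this->menu_tabs)) {
        $tab = $_GET['tab'];
    }
    return $tab;
}

/*
 * Renders our tabs of this menu as nav items
 */
function render_menu_tabs() {
    $current_tab = $this->get_current_tab();
    // NOTE(review): this copy of the file shows only an empty echo here; the nav markup looks
    // to have been lost — confirm against the original before relying on this output.
    echo '';
}

/*
 * The menu rendering goes here
 */
function render_user_account_menu_page() { $tab = $this->get_current_tab(); ?>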
render_menu_tabs(); //$tab_keys = array_keys($this->menu_tabs); call_user_func(array(&$this, $this->menu_tabs_handler[$tab])); ?>
validate_change_username_form(); } ?>

'.__('By default, WordPress sets the administrator username to "admin" at installation time.', 'aiowpsecurity').'
'.__('A lot of hackers try to take advantage of this information by attempting "Brute Force Login Attacks" where they repeatedly try to guess the password by using "admin" for username.', 'aiowpsecurity').'
'.__('From a security perspective, changing the default "admin" user name is one of the first and smartest things you should do on your site.', 'aiowpsecurity').'

'.__('This feature will allow you to change your default "admin" user name to a more secure name of your choosing.', 'aiowpsecurity').'

'; ?>
postbox($postbox_title, $this->get_all_admin_accounts($blog_id)); //} else { $this->postbox($postbox_title, $this->get_all_admin_accounts()); //} ?>

output_feature_details_badge("user-accounts-change-admin-user"); if (AIOWPSecurity_Utility::check_user_exists('admin')) { echo '

'.__('Your site currently has an account which uses the default "admin" username. It is highly recommended that you change this name to something else. Use the following field to change the admin username.', 'aiowpsecurity').'

'; ?>

'; _e ('No action required! ', 'aiowpsecurity'); echo '
'; _e ('Your site does not have any account which uses the default "admin" username. ', 'aiowpsecurity'); _e ('This is good security practice.', 'aiowpsecurity'); echo '

'; } ?>

'.__('When you submit a post or answer a comment, WordPress will usually display your "nickname".', 'aiowpsecurity').'
'.__('By default the nickname is set to the login (or user) name of your account.', 'aiowpsecurity').'
'.__('From a security perspective, leaving your nickname the same as your user name is bad practice because it gives a hacker at least half of your account\'s login credentials.', 'aiowpsecurity').'

'.__('Therefore to further tighten your site\'s security you are advised to change your nickname and Display name to be different from your Username.', 'aiowpsecurity').'

'; ?>

output_feature_details_badge("user-accounts-display-name"); //now let's find any accounts which have login name same as display name $login_nick_name_accounts = AIOWPSecurity_Utility::check_identical_login_and_nick_names(); if ($login_nick_name_accounts) { echo '

'.__('Your site currently has the following accounts which have an identical login name and display name.', 'aiowpsecurity').' ('.__('Click on the link to edit the settings of that particular user account', 'aiowpsecurity').'

'; ?> '; // echo ''; echo ''; } ?>
'.$usr['user_login'].''; echo '

'.__('No action required.', 'aiowpsecurity').'
'.__('Your site does not have a user account where the display name is identical to the username.', 'aiowpsecurity').'

'; } ?>
debug_logger->log_debug("Nonce check failed on admin username change operation!",4); die(__('Nonce check failed on admin username change operation!','aiowpsecurity')); } if (!empty($_POST['aiowps_new_user_name'])) { $new_username = sanitize_text_field($_POST['aiowps_new_user_name']); if (validate_username($new_username)) { if (AIOWPSecurity_Utility::check_user_exists($new_username)){ $errors .= __('Username ', 'aiowpsecurity').$new_username.__(' already exists. Please enter another value. ', 'aiowpsecurity'); } else { //let's check if currently logged in username is 'admin' global $user_login; get_currentuserinfo(); if (strtolower($user_login) == 'admin'){ $username_is_admin = TRUE; } else { $username_is_admin = FALSE; } //Now let's change the username $result = $wpdb->query("UPDATE `" . $wpdb->users . "` SET user_login = '" . $wpdb->escape($new_username) . "' WHERE user_login='admin';"); if (!$result) { //There was an error updating the users table $user_update_error = __('The database update operation of the user account failed!', 'aiowpsecurity'); //TODO## - add error logging here $return_msg = '

'.$user_update_error.'

'; return $return_msg; } //If user is logged in with username "admin" then log user out and send to login page so they can login again if ($username_is_admin) { //Lets logout the user $aio_wp_security->debug_logger->log_debug("Logging User Out with login ".$user_login. " because they changed their username."); $after_logout_url = AIOWPSecurity_Utility::get_current_page_url(); $after_logout_payload = 'redirect_to='.$after_logout_url.'&msg='.$aio_wp_security->user_login_obj->key_login_msg.'=admin_user_changed';//Place the handle for the login screen message in the URL $encrypted_payload = base64_encode($after_logout_payload); $logout_url = AIOWPSEC_WP_URL.'?aiowpsec_do_log_out=1'; $logout_url = AIOWPSecurity_Utility::add_query_data_to_url($logout_url, 'al_additional_data', $encrypted_payload); AIOWPSecurity_Utility::redirect_to_url($logout_url); } //TODO - multisite considerations // if ( is_multisite() ) { //process sitemeta if we're in a multi-site situation // $oldAdmins = $wpdb->get_var( "SELECT meta_value FROM `" . $wpdb->sitemeta . "` WHERE meta_key = 'site_admins'" ); // $newAdmins = str_replace( '5:"admin"', strlen( $newuser ) . ':"' . $wpdb->escape( $new_username ) . '"', $oldAdmins ); // $wpdb->query( "UPDATE `" . $wpdb->sitemeta . "` SET meta_value = '" . $wpdb->escape( $newAdmins ) . "' WHERE meta_key = 'site_admins'" ); // } } } else {//An invalid username was entered $errors .= __('You entered an invalid username. Please enter another value. ', 'aiowpsecurity'); } } else {//No username value was entered $errors .= __('Please enter a value for your username. ', 'aiowpsecurity'); } if (strlen($errors)> 0){//We have some validation or other error $return_msg = '

' . $errors . '

'; } else{ $return_msg = '

'.__('Username Successfully Changed!', 'aiowpsecurity').'

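'; } return $return_msg; }

/*
 * This function will retrieve all user accounts which have 'administrator' role and will return html code with results in a table
 *
 * @param int|string $blog_id Optional blog to query (multi-site); when empty the current blog is used.
 * @return string HTML fragment listing the administrator login names, or "" when none were found
 */
function get_all_admin_accounts($blog_id='') {
    //TODO: Have included the "blog_id" variable for future use for cases where people want to search particular blog (eg, multi-site)
    // Build the query as an array instead of a concatenated query string: the old string form
    // was missing the "&" between "blog_id=" and "orderby=", and an array needs no escaping of
    // $blog_id at all.
    $query_args = array('orderby' => 'login', 'role' => 'administrator');
    if ($blog_id) {
        $query_args['blog_id'] = $blog_id;
    }
    $admin_users = get_users($query_args);

    //now let's put the results in an HTML table
    // NOTE(review): the strings appended below appear to have lost their markup in this copy of
    // the file; confirm against the original before relying on the rendered table.
    $account_output = "";
    if (!empty($admin_users)) {
        $account_output .= '';
        $account_output .= '';
        foreach ($admin_users as $entry) {
            $account_output .= '';
            // The literal "admin" account is the one this tab asks the site owner to rename
            if ($entry->user_login === 'admin') {
                $account_output .= '';
            } else {
                $account_output .= '';
            }
            $account_output .= '';
        }
        // Login names come from the users table and are inserted into HTML here, so they are
        // escaped on output. $entry is the last account of the loop above.
        $account_output .= '
'.__('Account Login Name', 'aiowpsecurity').'
'.esc_html($entry->user_login).''.esc_html($entry->user_login).'
';
    }
    return $account_output;
}
} //end class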