<?php
// Refuse direct requests to this file; it is only meaningful when WordPress has bootstrapped.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}
/**
 * Register the "username 'admin' has been changed" notice.
 *
 * The notice is shown while the 'rsssl_username_admin_changed' site transient
 * holds the new login (see rsssl_username_admin_changed() for the condition).
 *
 * @param array $notices Notices collected so far by the 'rsssl_notices' filter.
 *
 * @return array The notices with 'username_admin_changed' added.
 */
function rsssl_admin_username_changed( $notices ) {
	$new_login = esc_html( get_site_transient( 'rsssl_username_admin_changed' ) );
	$message   = sprintf( __( "Username 'admin' has been changed to %s", "really-simple-ssl" ), $new_login );

	$notices['username_admin_changed'] = [
		'condition' => [ 'rsssl_username_admin_changed' ],
		'callback'  => '_true_',
		'score'     => 5,
		'output'    => [
			'true' => [
				'msg'         => $message,
				'icon'        => 'open',
				'dismissible' => true,
			],
		],
	];

	return $notices;
}
// Hook the notice into the plugin's notice list (default priority, one argument).
add_filter( 'rsssl_notices', 'rsssl_admin_username_changed', 10, 1 );
/**
 * Reserve 'admin' and 'administrator' as logins that cannot be registered.
 *
 * Hooked to 'illegal_user_logins'; both entries are appended to whatever the
 * filter already carries.
 *
 * @param array $illegal_user_logins Logins already blocked by WordPress or other plugins.
 *
 * @return array The list with both reserved logins appended.
 */
function rsssl_prevent_admin_user_add(array $illegal_user_logins){
	array_push( $illegal_user_logins, 'admin', 'administrator' );

	return $illegal_user_logins;
}
// Hook the reserved-login list into WordPress' username validation (default priority, one argument).
add_filter( 'illegal_user_logins', 'rsssl_prevent_admin_user_add', 10, 1 );
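/**
 * Rename the 'admin' user to the login saved in the 'new_admin_user_login' option.
 *
 * Hooked to 'rsssl_after_saved_fields'. Creates a replacement account that
 * reuses the profile columns and the password hash of 'admin', deletes the old
 * account (its content is reassigned to the new one) and, on multisite,
 * rewrites the 'site_admins' entry in sitemeta. A site transient records the
 * new login for one day so the admin notice can be shown.
 *
 * @return bool False when the current user may not manage settings or when the
 *              user lookup, e-mail update or user creation failed; true when
 *              there was nothing to rename, the new login is invalid, or the
 *              rename completed.
 */
function rsssl_rename_admin_user() {
	if ( ! rsssl_user_can_manage() ) {
		return false;
	}

	// wp_update_user() re-validates the existing 'admin' login against
	// 'illegal_user_logins', so our own block must be lifted while we work.
	// remove_filter() reports whether it was registered, so the finally block
	// only restores what was actually removed instead of leaving it off for
	// the rest of the request.
	$restore_illegal_filter = remove_filter( 'illegal_user_logins', 'rsssl_prevent_admin_user_add' );
	$added_email_filter     = false;

	try {
		$admin_user = get_user_by( 'login', 'admin' );
		if ( ! $admin_user ) {
			// No 'admin' account: nothing to do.
			return true;
		}

		$new_user_login = trim( sanitize_user( rsssl_get_option( 'new_admin_user_login' ) ) );
		if ( ! rsssl_new_username_valid() ) {
			return true;
		}

		$admin_user_id  = $admin_user->data->ID;
		$admin_userdata = get_userdata( $admin_user_id );
		if ( ! $admin_userdata ) {
			return false;
		}
		$admin_email = $admin_userdata->data->user_email;

		global $wpdb;
		// Fetch the stored password hash so the renamed account keeps its password.
		$user_hash = $wpdb->get_var( $wpdb->prepare( "select user_pass from {$wpdb->base_prefix}users where ID = %d", $admin_user_id ) );

		// WordPress refuses two accounts with the same e-mail address, so park the
		// old account on a temporary address at this site's host first.
		$parse = parse_url( site_url() );
		$host  = $parse['host'] ?? 'example.com';
		$email = "$new_user_login@$host";

		// Do not notify anyone about the temporary address. Only add (and later
		// remove) the filter if nobody else registered the same callback.
		$added_email_filter = ( false === has_filter( 'send_email_change_email', '__return_false' ) );
		if ( $added_email_filter ) {
			add_filter( 'send_email_change_email', '__return_false' );
		}

		$success = wp_update_user( array(
			'ID'         => $admin_user_id,
			'user_email' => $email,
		) );
		// wp_update_user() returns a WP_Error on failure, which is truthy, so a
		// bare "! $success" would let a failed update through.
		if ( ! $success || is_wp_error( $success ) ) {
			return false;
		}

		// Copy what the old user row carries; anything missing falls back to ''.
		// NOTE(review): ->data holds the users-table columns only; profile fields
		// such as nickname or first_name live in user meta and may not be picked
		// up through this accessor — confirm against WP_User before relying on it.
		$from_admin = function ( $key ) use ( $admin_user ) {
			return isset( $admin_user->data->$key ) ? $admin_user->data->$key : '';
		};
		$new_userdata = array(
			'user_pass'            => wp_generate_password( 12 ), // placeholder; replaced by the original hash below
			'user_login'           => $new_user_login,
			'user_nicename'        => $from_admin( 'user_nicename' ),
			'user_url'             => $from_admin( 'user_url' ),
			'user_email'           => $admin_email ?? '',
			'display_name'         => $from_admin( 'display_name' ),
			'nickname'             => $from_admin( 'nickname' ),
			'first_name'           => $from_admin( 'user_firstname' ),
			'last_name'            => $from_admin( 'user_lastname' ),
			'description'          => $from_admin( 'description' ),
			'rich_editing'         => $from_admin( 'rich_editing' ),
			'syntax_highlighting'  => $from_admin( 'syntax_highlighting' ),
			'comment_shortcuts'    => $from_admin( 'comment_shortcuts' ),
			'admin_color'          => $from_admin( 'admin_color' ),
			'use_ssl'              => $from_admin( 'use_ssl' ),
			'user_registered'      => $from_admin( 'user_registered' ),
			'show_admin_bar_front' => $from_admin( 'show_admin_bar_front' ),
			'role'                 => isset( $admin_user->roles[0] ) ? $admin_user->roles[0] : '',
			'locale'               => $from_admin( 'locale' ),
		);

		$new_user_id = wp_insert_user( $new_userdata );
		if ( ! $new_user_id || is_wp_error( $new_user_id ) ) {
			return false;
		}

		// Write the original hash straight into the row, replacing the placeholder password.
		$wpdb->update(
			$wpdb->base_prefix . 'users',
			array( 'user_pass' => $user_hash ),
			array( 'ID' => $new_user_id )
		);

		require_once ABSPATH . 'wp-admin/includes/user.php';
		// Remove the old account and hand its content to the new user.
		wp_delete_user( $admin_user_id, $new_user_id );

		if ( is_multisite() ) {
			// Super admins are stored as a serialized array of logins in sitemeta.
			$site_admins = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->base_prefix}sitemeta WHERE meta_key = 'site_admins'" );
			if ( is_serialized( $site_admins ) ) {
				// The value is a list of strings; never let unserialize() build objects from it.
				$unserialized = unserialize( $site_admins, array( 'allowed_classes' => false ) );
				// A corrupt value would otherwise be re-serialized as 'b:0;' and overwrite the list.
				if ( is_array( $unserialized ) ) {
					foreach ( $unserialized as $index => $site_admin ) {
						if ( 'admin' === $site_admin ) {
							$unserialized[ $index ] = $new_user_login;
						}
					}
					$site_admins = serialize( $unserialized );
				}
			}
			$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->base_prefix}sitemeta SET meta_value = %s WHERE meta_key = 'site_admins'", $site_admins ) );
		}

		set_site_transient( 'rsssl_username_admin_changed', $new_user_login, DAY_IN_SECONDS );

		return true;
	} finally {
		// Undo the temporary hook changes regardless of which branch returned.
		if ( $restore_illegal_filter ) {
			add_filter( 'illegal_user_logins', 'rsssl_prevent_admin_user_add' );
		}
		if ( $added_email_filter ) {
			remove_filter( 'send_email_change_email', '__return_false' );
		}
	}
}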
// Run the rename after the settings have been saved, later than the default priority.
add_action( 'rsssl_after_saved_fields', 'rsssl_rename_admin_user', 30, 1 );
/**
 * Notice condition: has the 'admin' user been renamed recently?
 *
 * True while the 'rsssl_username_admin_changed' site transient, which
 * rsssl_rename_admin_user() sets for one day, still holds the new login.
 *
 * @return bool
 */
function rsssl_username_admin_changed() {
	return (bool) get_site_transient( 'rsssl_username_admin_changed' );
}