Fix privacy and security issue on fresh WordPress installs
When adding a fresh WordPress App, the default admin account Cloudways creates adopts the account holders email address. This is also becomes the display name by default, showing up on the front-end, exposing the account holders email address involuntarily. The display name should be set to something other than the email address.
I was going to make a post about this as well. Needs to be fixed!
AdminCloudways (Admin, Cloudways) commented
This has been fixed in all new WP deployments.
Thanks for reporting.
I think what he is saying is that the default admin account for WordPress that is generated by Cloudways is the email address of the Primary Account holder of that Cloudways user. Because of this, WP uses that as the author of posts thereby displaying Posted by: email@example.com on the website for any posts that are posted by that WP user. So one's Cloudways login email address would then be exposed to the public if left unchanged.
Personally, I always delete that generated user.
The steps to reproduce:
1) From Server Management add app, select WordPress and have it complete the process
2) Login to the new WordPress install using the user and pass that Cloudways used to setup WordPress, the username defaults to main account holder email address. So it would be firstname.lastname@example.org with a generated password
3) From the admin, navigate to users. Then edit the user that is there. You will see that the user name is email@example.com. Further down the page the nickname field has been defaulted to the firstname.lastname@example.org and the setting 'Display name publicly as' will default to nickname. It doesn't have anything else to go by.
4) visit the front-end while not logged-in (use incognito), check the default hello world post for example. You will see that on the default WP theme and most other themes will show the author using the "display name publicy as' setting, in this case email@example.com.