Admin username changer Security & Risk Analysis

wordpress.org/plugins/admin-username-changer

Change your admin username to whatever you like. Improve your site security and make life difficult for the hackers.

100 active installs · v1.1 · PHP + WP 2.5+ · Updated Oct 3, 2012
admin hackers improve security username
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Admin username changer Safe to Use in 2026?

Generally Safe

Score 85/100

Admin username changer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The 'admin-username-changer' v1.1 plugin exhibits a concerning security posture due to several critical weaknesses identified in the static analysis. While the plugin has no recorded vulnerability history, this does not negate the risks present in the code itself. The most significant concern is the presence of an unprotected AJAX handler, which serves as a direct entry point for potential attackers without any authentication or authorization checks. Furthermore, the plugin lacks any capability checks, meaning that even if authentication were somehow bypassed or not required for the AJAX handler, any authenticated user, regardless of their role, could potentially interact with it. The absence of output escaping on all identified outputs is also a severe deficiency, opening the door to Cross-Site Scripting (XSS) vulnerabilities. The fact that 100% of SQL queries are not using prepared statements is another major red flag, increasing the risk of SQL injection attacks. Although the plugin has a limited attack surface and no critical taint flows were detected, these strengths are overshadowed by the critical security flaws related to unauthenticated entry points and the lack of proper input/output sanitization and authorization.

Key Concerns

  • AJAX handler without auth checks
  • Raw SQL queries without prepared statements
  • No output escaping
  • No capability checks
Vulnerabilities
None known

Admin username changer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Admin username changer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 5 (0 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

0% escaped · 5 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
usernameForm (adminuser.php:58)
Attack Surface
1 unprotected

Admin username changer Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 2

auth · wp_ajax_usernameForm · adminuser.php:31
nopriv · wp_ajax_usernameForm · adminuser.php:32
WordPress Hooks 2
action · admin_menu · adminuser.php:34
action · admin_init · adminuser.php:36
Maintenance & Trust

Admin username changer Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Oct 3, 2012
PHP min version
Downloads: 14K

Community Trust

Rating: 74/100
Number of ratings: 7
Active installs: 100
Developer Profile

Admin username changer Developer Profile

yoshitech

1 plugin · 100 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Admin username changer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/admin-username-changer/style.css
Version Parameters
admin-username-changer/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
formcurrentstatus
Data Attributes
id="changeUsername" name="changeUsername" id="username" name="username" id="changeUsernameButton" name="changeUsernameButton" (+2 more)
JS Globals
ajaxurl adminuser
REST Endpoints
/wp-admin/admin-ajax.php