Who is Drupal User 1?
Drupal User 1 is a deity. Drupal is fairly unique in that it has this one user who towers over every other user on your site. This User has all possible permissions on your site.
In Drupal 6, this account completely bypassed all of Drupal’s security systems. It was also required for running updates and some other vital user functions.
In Drupal 7, this account no longer quite so important, but it still must be protected.
This user is known as User 1. Why? Because that’s literally the number that Drupal gives them as you can see in the image below. On Drupal.org, it makes sense that this user is Dries Buytaert, the founder of Drupal:
You can have some fun by going to various Drupal sites and adding /user/1/ to the end of the domain name to see who the founding user was.
As you can imagine, giving such power to one user can be dangerous. People can forget how to access to this account. Hackers can be attempt to hijack it. It’s even possible to disable the account on Drupal 7 by blocking User 1 or removing them from the administrator role. Note: this is not advised!
What to do with User 1?
In Drupal 7, as we’ve seen, it’s possible to block User #1 and use other accounts to run your site.
In Drupal 6, you can use the Protect Critical Users module to keep User #1 safe: http://drupal.org/project/protect_critical_users.
If you forget the login for User 1, it’s also possible to regain access via the database by using this tutorial.
