@psychobunny @julian A special user/group for the ACP would be nice to have, though. I am thinking in terms of: Intrusion starts with spotting the user with desired credentials. This way administrator/moderator/team accounts couldn't be targets to any attacks. As such a username (account with ACP access) wouldn't be exposed to the public, whatsoever. But since many BBs, for many years did well without it, I come around to the first line: "Nice to have".