If you use “admin” as the default administrative login for your WordPress site, it may be vulnerable to hacking. News outlets are reporting, and Matt Mullenweg is discussing, the recent brute-force botnet attacks on WordPress sites with the default “admin” account, and the takeaway is: change the username, use a strong password.
How Do I Change My Username?
If you click on the Users link from your dashboard, you’ll notice that usernames cannot be changed once they are created. Instead, you’ll need to create a new user account and assign administrative rights to that account. When the new account is created, you can then DELETE the existing admin account. Full instructions including screenshots are available here. Note you will also need to change the email address in General Settings if that address is the one you used to set up your original admin account.
How do I change my password?
Unlike the username, you CAN change your password from the Users link on your dashboard. Consider these tips when picking a password, or consider using a password generator. You can also install a password generator plugin, if you want password generation to be integrated with new user creation. And remember when you change your password, don’t share it with anyone.
What else can I do to keep my WordPress site safe?
- Keep your software up-to-date. Are you using the most recent version of WordPress?
- Remove unused themes and extensions.
- Be vigilant about comment spam. Install Akismet and make sure the plugin is updated regularly.
- Consider slowing down login attempts or setting a maximum number of login attempts with this Limit Login Attempts plugin.
- Monitor changes to site files and database. There are a couple of different tools and services you can use:
  - WordPress: File Monitor Plus plugin
  - Malware scanning
    - Sucuri http://sucuri.com
    - AVG Link Scanner http://www.avg.com.au/resources/web-page-scanner/